_module.argsAdditional arguments passed to each module in addition to ones
like lib, config,
and pkgs, modulesPath.
This option is also available to all submodules. Submodules do not
inherit args from their parent module, nor do they provide args to
their parent module or sibling submodules. The sole exception to
this is the argument name which is provided by
parent modules to a submodule and contains the attribute name
the submodule is bound to, or a unique generated name if it is
not bound to an attribute.
Some arguments are already passed by default, of which the following cannot be changed with this option:
lib: The nixpkgs library.
config: The results of all options after merging the values from all modules together.
options: The options declared in all modules.
specialArgs: The specialArgs argument passed to evalModules.
All attributes of specialArgs
Whereas option values can generally depend on other option values
thanks to laziness, this does not apply to imports, which
must be computed statically before anything else.
For this reason, callers of the module system can provide specialArgs
which are available during import resolution.
For NixOS, specialArgs includes
modulesPath, which allows you to import
extra modules from the nixpkgs package tree without having to
somehow make the module aware of the location of the
nixpkgs or NixOS directories.
{ modulesPath, ... }: {
imports = [
(modulesPath + "/profiles/minimal.nix")
];
}
For NixOS, the default value for this option includes at least this argument:
pkgs: The nixpkgs package set according to
the nixpkgs.pkgs option.
Type: lazy attribute set of raw value
Declared by:
<nixpkgs/lib/modules.nix>
|
appstream.enableWhether to install files to support the AppStream metadata specification.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/appstream.nix>
|
boot.enableContainersWhether to enable support for NixOS containers. Defaults to true (at no cost if containers are not actually used).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
boot.binfmt.emulatedSystemsList of systems to emulate. Will also configure Nix to support your new systems. Warning: the builder can execute all emulated systems within the same build, which introduces impurities in the case of cross compilation.
Type: list of string
Default: [ ]
Example:
[ "wasm32-wasi" "x86_64-windows" "aarch64-linux" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrationsExtra binary formats to register with the kernel. See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.fixBinaryWhether to open the interpreter file as soon as the registration is loaded, rather than waiting for a relevant file to be invoked.
See the description of the 'F' flag in the kernel docs for more details.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.interpreterThe interpreter to invoke to run the program.
Note that the actual registration will point to /run/binfmt/${name}, so the kernel interpreter length limit doesn't apply.
Type: path
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.magicOrExtensionThe magic number or extension to match on.
Type: string
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.maskA mask to be ANDed with the byte sequence of the file before matching
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.matchCredentialsWhether to launch with the credentials and security token of the binary, not the interpreter (e.g. setuid bit).
See the description of the 'C' flag in the kernel docs for more details.
Implies/requires openBinary = true.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.offsetThe byte offset of the magic number used for recognition.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.openBinaryWhether to pass the binary to the interpreter as an open file descriptor, instead of a path.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.preserveArgvZeroWhether to pass the original argv[0] to the interpreter.
See the description of the 'P' flag in the kernel docs for more details;
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.recognitionTypeWhether to recognize executables by magic number or extension.
Type: one of "magic", "extension"
Default: "magic"
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.binfmt.registrations.<name>.wrapInterpreterInShellWhether to wrap the interpreter in a shell script.
This allows a shell command to be set as the interpreter.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/binfmt.nix>
|
boot.blacklistedKernelModulesList of names of kernel modules that should not be loaded automatically by the hardware probing code.
Type: list of string
Default: [ ]
Example:
[ "cirrusfb" "i2c_piix4" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/modprobe.nix>
|
boot.bootspec.enableWhether to enable Enable generation of RFC-0125 bootspec in $system/bootspec, e.g. /run/current-system/bootspec.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/system/activation/bootspec.nix>
|
boot.bootspec.extensionsUser-defined data that extends the bootspec document.
To reduce incompatibility and prevent names from clashing between applications, it is highly recommended to use a unique namespace for your extensions.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/activation/bootspec.nix>
|
boot.cleanTmpDirWhether to delete all files in /tmp during boot.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/tmp.nix>
|
boot.consoleLogLevelThe kernel console loglevel. All Kernel Messages with a log level smaller
than this setting will be printed to the console.
Type: signed integer
Default: 4
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.crashDump.enableIf enabled, NixOS will set up a kernel that will boot on crash, and leave the user in systemd rescue to be able to save the crashed kernel dump at /proc/vmcore. It also activates the NMI watchdog.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/misc/crashdump.nix>
|
boot.crashDump.kernelParamsParameters that will be passed to the kernel kexec-ed on crash.
Type: list of string
Default:
[ "1" "boot.shell_on_fail" ]
Declared by:
<nixpkgs/nixos/modules/misc/crashdump.nix>
|
boot.crashDump.reservedMemoryThe amount of memory reserved for the crashdump kernel. If you choose a too high value, dmesg will mention "crashkernel reservation failed".
Type: string
Default: "128M"
Declared by:
<nixpkgs/nixos/modules/misc/crashdump.nix>
|
boot.devShmSizeSize limit for the /dev/shm tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Type: string
Default: "50%"
Example: "256m"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.devSizeSize limit for the /dev tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Type: string
Default: "5%"
Example: "32m"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.extraModprobeConfigAny additional configuration to be appended to the generated
modprobe.conf. This is typically used to
specify module options. See
modprobe.d(5) for details.
Type: strings concatenated with "\n"
Default: ""
Example:
'' options parport_pc io=0x378 irq=7 dma=1 ''
Declared by:
<nixpkgs/nixos/modules/system/boot/modprobe.nix>
|
boot.extraModulePackagesA list of additional packages supplying kernel modules.
Type: list of package
Default: [ ]
Example: [ config.boot.kernelPackages.nvidia_x11 ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.extraSystemdUnitPathsAdditional paths that get appended to the SYSTEMD_UNIT_PATH environment variable that can contain mutable unit files.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
|
boot.growPartitionWhether to enable grow the root partition on boot.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/system/boot/grow-partition.nix>
|
boot.hardwareScanWhether to try to load kernel modules for all detected hardware. Usually this does a good job of providing you with the modules you need, but sometimes it can crash the system or cause other nasty effects.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
boot.initrd.enableWhether to enable the NixOS initial RAM disk (initrd). This may be needed to perform some initialisation tasks (like mounting network/encrypted file systems) before continuing the boot process.
Type: boolean
Default: !config.boot.isContainer
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.availableKernelModulesThe set of kernel modules in the initial ramdisk used during the
boot process. This set must include all modules necessary for
mounting the root device. That is, it should include modules
for the physical device (e.g., SCSI drivers) and for the file
system (e.g., ext3). The set specified here is automatically
closed under the module dependency relation, i.e., all
dependencies of the modules list here are included
automatically. The modules listed here are available in the
initrd, but are only loaded on demand (e.g., the ext3 module is
loaded automatically when an ext3 filesystem is mounted, and
modules for PCI devices are loaded when they match the PCI ID
of a device in your system). To force a module to be loaded,
include it in boot.initrd.kernelModules.
Type: list of string
Default: [ ]
Example:
[ "sata_nv" "ext3" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.initrd.checkJournalingFSWhether to run fsck on journaling filesystems such as ext3.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.compressorThe compressor to use on the initrd image. May be any of:
The name of one of the predefined compressors, see pkgs/build-support/kernel/initrd-compressor-meta.nix for the definitions.
A function which, given the nixpkgs package set, returns the path to a compressor tool, e.g. pkgs: "${pkgs.pigz}/bin/pigz"
(not recommended, because it does not work when cross-compiling) the full path to a compressor tool, e.g. "${pkgs.pigz}/bin/pigz"
The given program should read data from stdin and write it to stdout compressed.
Type: string or function that evaluates to a(n) string
Default: zstd if the kernel supports it (5.9+), gzip if not
Example: "xz"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.compressorArgsArguments to pass to the compressor for the initrd image, or null to use the compressor's defaults.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.extraFilesExtra files to link and copy in to the initrd.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.extraFiles.<name>.sourceThe object to make available inside the initrd.
Type: package
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.includeDefaultModulesThis option, if set, adds a collection of default kernel modules
to boot.initrd.availableKernelModules and
boot.initrd.kernelModules.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.initrd.kernelModulesList of modules that are always loaded by the initrd.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.initrd.luks.cryptoModulesA list of cryptographic kernel modules needed to decrypt the root device(s). The default includes all common modules.
Type: list of string
Default:
[ "aes" "aes_generic" "blowfish" "twofish" "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512" "af_alg" "algif_skcipher" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devicesThe encrypted disk that should be opened before the root
filesystem is mounted. Both LVM-over-LUKS and LUKS-over-LVM
setups are supported. The unencrypted devices can be accessed as
/dev/mapper/«name».
Type: attribute set of (submodule)
Default: { }
Example:
{
luksroot = {
device = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08";
};
}Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.allowDiscardsWhether to allow TRIM requests to the underlying device. This option has security implications; please read the LUKS documentation before activating it. This option is incompatible with authenticated encryption (dm-crypt stacked over dm-integrity).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.bypassWorkqueuesWhether to bypass dm-crypt's internal read and write workqueues. Enabling this should improve performance on SSDs; see here for more information. Needs Linux 5.9 or later.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.devicePath of the underlying encrypted block device.
Type: string
Example: "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.fallbackToPasswordWhether to fallback to interactive passphrase prompt if the keyfile cannot be found. This will prevent unattended boot should the keyfile go missing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.fido2.credentialThe FIDO2 credential ID.
Type: null or string
Default: null
Example: "f1d00200d8dc783f7fb1e10ace8da27f8312d72692abfca2f7e4960a73f48e82e1f7571f6ebfcee9fb434f9886ccc8fcc52a6614d8d2"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.fido2.credentialsList of FIDO2 credential IDs.
Use this if you have multiple FIDO2 keys you want to use for the same luks device.
Type: list of string
Default: [ ]
Example:
[ "f1d00200d8dc783f7fb1e10ace8da27f8312d72692abfca2f7e4960a73f48e82e1f7571f6ebfcee9fb434f9886ccc8fcc52a6614d8d2" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.fido2.gracePeriodTime in seconds to wait for the FIDO2 key.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.fido2.passwordLessDefines whatever to use an empty string as a default salt.
Enable only when your device is PIN protected, such as Trezor.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.gpgCardThe option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard. If null (the default), GPG-Smartcard will be disabled for this device.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.gpgCard.encryptedPassPath to the GPG encrypted passphrase.
Type: path
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.gpgCard.gracePeriodTime in seconds to wait for the GPG Smartcard.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.gpgCard.publicKeyPath to the Public Key.
Type: path
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.headerThe name of the file or block device that should be used as header for the encrypted device.
Type: null or string
Default: null
Example: "/root/header.img"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.keyFileThe name of the file (can be a raw device or a partition) that should be used as the decryption key for the encrypted device. If not specified, you will be prompted for a passphrase instead.
Type: null or string
Default: null
Example: "/dev/sdb1"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.keyFileOffsetThe offset of the key file. Use this in combination with
keyFileSize to use part of a file as key file
(often the case if a raw device or partition is used as a key file).
If not specified, the key begins at the first byte of
keyFile.
Type: null or signed integer
Default: null
Example: 4096
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.keyFileSizeThe size of the key file. Use this if only the beginning of the
key file should be used as a key (often the case if a raw device
or partition is used as key file). If not specified, the whole
keyFile will be used decryption, instead of just
the first keyFileSize bytes.
Type: null or signed integer
Default: null
Example: 4096
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.postOpenCommandsCommands that should be run right after we have mounted our LUKS device.
Type: strings concatenated with "\n"
Default: ""
Example:
'' umount /tmp/persistent ''
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.preLVMWhether the luksOpen will be attempted before LVM scan or after it.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.preOpenCommandsCommands that should be run right before we try to mount our LUKS device. This can be useful, if the keys needed to open the drive is on another partion.
Type: strings concatenated with "\n"
Default: ""
Example:
'' mkdir -p /tmp/persistent mount -t zfs rpool/safe/persistent /tmp/persistent ''
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikeyThe options to use for this LUKS device in YubiKey-PBA. If null (the default), YubiKey-PBA will be disabled for this device.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.gracePeriodTime in seconds to wait for the YubiKey.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.iterationStepHow much the iteration count for PBKDF2 is increased at each successful authentication.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.keyLengthLength of the LUKS slot key derived with PBKDF2 in byte.
Type: signed integer
Default: 64
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.saltLengthLength of the new salt in byte (64 is the effective maximum).
Type: signed integer
Default: 16
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.slotWhich slot on the YubiKey to challenge.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.storage.deviceAn unencrypted device that will temporarily be mounted in stage-1. Must contain the current salt to create the challenge for this LUKS device.
Type: path
Default: "/dev/sda1"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.storage.fsTypeThe filesystem of the unencrypted device.
Type: string
Default: "vfat"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.storage.pathAbsolute path of the salt on the unencrypted device with that device's root directory as "/".
Type: string
Default: "/crypt-storage/default"
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.devices.<name>.yubikey.twoFactorWhether to use a passphrase and a YubiKey (true), or only a YubiKey (false).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.fido2SupportEnables support for authenticating with FIDO2 devices.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.gpgSupportEnables support for authenticating with a GPG encrypted password.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.mitigateDMAAttacksUnless enabled, encryption keys can be easily recovered by an attacker with physical access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port. More information is available at http://en.wikipedia.org/wiki/DMA_attack.
This option blacklists FireWire drivers, but doesn't remove them. You can manually load the drivers if you need to use a FireWire device, but don't forget to unload them!
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.reusePassphrasesWhen opening a new LUKS device try reusing last successful passphrase.
Useful for mounting a number of devices that use the same passphrase without retyping it several times.
Such setup can be useful if you use cryptsetup luksSuspend. Different LUKS devices will still have different master keys even when using the same passphrase.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.luks.yubikeySupportEnables support for authenticating with a YubiKey on LUKS devices. See the NixOS wiki for information on how to properly setup a LUKS device and a YubiKey to work with this feature.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/luksroot.nix>
|
boot.initrd.network.enableAdd network connectivity support to initrd. The network may be
configured using the ip kernel parameter,
as described in the kernel documentation.
Otherwise, if
networking.useDHCP is enabled, an IP address
is acquired using DHCP.
You should add the module(s) required for your network card to
boot.initrd.availableKernelModules.
lspci -v | grep -iA8 'network\|ethernet'
will tell you which.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
|
boot.initrd.network.flushBeforeStage2Whether to clear the configuration of the interfaces that were set up in the initrd right before stage 2 takes over. Stage 2 will do the regular network configuration based on the NixOS networking options.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
|
boot.initrd.network.openvpn.enableStarts an OpenVPN client during initrd boot. It can be used to e.g.
remotely accessing the SSH service controlled by
boot.initrd.network.ssh or other network services
included. Service is killed when stage-1 boot is finished.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-openvpn.nix>
|
boot.initrd.network.openvpn.configurationThe configuration file for OpenVPN.
Unless your bootloader supports initrd secrets, this configuration is stored insecurely in the global Nix store.
Type: path
Example: ./configuration.ovpn
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-openvpn.nix>
|
boot.initrd.network.postCommandsShell commands to be executed after stage 1 of the boot has initialised the network.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
|
boot.initrd.network.ssh.enableStart SSH service during initrd boot. It can be used to debug failing boot on a remote server, enter pasphrase for an encrypted partition etc. Service is killed when stage-1 boot is finished.
The sshd configuration is largely inherited from
services.openssh.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.authorizedKeysAuthorized keys for the root user on initrd.
Type: list of string
Default: config.users.users.root.openssh.authorizedKeys.keys
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.extraConfigVerbatim contents of sshd_config.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.hostKeysSpecify SSH host keys to import into the initrd.
To generate keys, use ssh-keygen(1) as root:
ssh-keygen -t rsa -N "" -f /etc/secrets/initrd/ssh_host_rsa_key ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key
Unless your bootloader supports initrd secrets, these keys are stored insecurely in the global Nix store. Do NOT use your regular SSH host private keys for this purpose or you'll expose them to regular users! Additionally, even if your initrd supports secrets, if you're using initrd SSH to unlock an encrypted disk then using your regular host keys exposes the private keys on your unencrypted boot partition.
Type: list of (string or path)
Default: [ ]
Example:
[ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.ignoreEmptyHostKeysAllow leaving config.boot.initrd.network.ssh empty,
to deploy ssh host keys out of band.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.portPort on which SSH initrd service should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 22
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.ssh.shellLogin shell of the remote user. Can be used to limit actions user can do.
Type: string
Default: "/bin/ash"
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-ssh.nix>
|
boot.initrd.network.udhcpc.extraArgsAdditional command-line arguments passed verbatim to udhcpc if
boot.initrd.network.enable and networking.useDHCP
are enabled.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/initrd-network.nix>
|
boot.initrd.postDeviceCommandsShell commands to be executed immediately after stage 1 of the
boot has loaded kernel modules and created device nodes in
/dev.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.postMountCommandsShell commands to be executed immediately after the stage 1 filesystems have been mounted.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.preDeviceCommandsShell commands to be executed before udev is started to create device nodes.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.preFailCommandsShell commands to be executed before the failure prompt is shown.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.preLVMCommandsShell commands to be executed immediately before LVM discovery.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.prependOther initrd files to prepend to the final initrd we are building.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.secretsSecrets to append to the initrd. The attribute name is the path the secret should have inside the initrd, the value is the path it should be copied from (or null for the same path inside and out).
Type: attribute set of (null or path)
Default: { }
Example:
{ "/etc/dropbear/dropbear_rsa_host_key" =
./secret-dropbear-key;
}
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.services.swraid.mdadmConfContents of /etc/mdadm.conf in initrd.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/tasks/swraid.nix>
|
boot.initrd.services.udev.rulesudev rules to include in the initrd
only. They'll be written into file
99-local.rules. Thus they are read and applied
after the essential initrd rules.
Type: strings concatenated with "\n"
Default: ""
Example:
''
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1D:60:B9:6D:4F", KERNEL=="eth*", NAME="my_fast_network_card"
''Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
boot.initrd.supportedFilesystemsNames of supported filesystem types in the initial ramdisk.
Type: list of string
Default: [ ]
Example:
[ "btrfs" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.initrd.systemd.enableWhether to enable systemd in initrd.
Note: This is in very early development and is highly experimental. Most of the features NixOS supports in initrd are not yet supported by the intrd generated with this option.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.extraBinTools to add to /bin
Type: attribute set of path
Default: { }
Example:
{
umount = ${pkgs.util-linux}/bin/umount;
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.storePathsStore paths to copy into the initrd as well.
Type: list of ((optionally newline-terminated) single-line string or package)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.stripWhether to completely strip executables and libraries copied to the initramfs.
Setting this to false may save on the order of 30MiB on the machine building the system (by avoiding a binutils reference), at the cost of ~1MiB of initramfs size. This puts this option firmly in the territory of micro-optimisation.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.systemd.suppressedStorePathsStore paths specified in the storePaths option that should not be copied.
Type: list of (optionally newline-terminated) single-line string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/initrd.nix>
|
boot.initrd.verboseVerbosity of the initrd. Please note that disabling verbosity removes only the mandatory messages generated by the NixOS scripts. For a completely silent boot, you might also want to set the two following configuration options:
boot.consoleLogLevel = 0;
boot.kernelParams = [ "quiet" "udev.log_level=3" ];
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.isContainerWhether this NixOS machine is a lightweight container running in another NixOS system.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
boot.iscsi-initiator.discoverPortaliSCSI portal to boot from.
Type: null or string
Default: null
Example: "192.168.1.1:3260"
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
|
boot.iscsi-initiator.extraConfigExtra lines to append to /etc/iscsid.conf
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
|
boot.iscsi-initiator.extraConfigFileAppend an additional file's contents to /etc/iscsid.conf. Use a non-store path
and store passwords in this file. Note: the file specified here must be available
in the initrd, see: boot.initrd.secrets.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
|
boot.iscsi-initiator.extraIscsiCommandsExtra iscsi commands to run in the initrd.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
|
boot.iscsi-initiator.logLevelHigher numbers elicits more logs.
Type: signed integer
Default: 1
Example: 8
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
|
boot.iscsi-initiator.loginAllDo not log into a specific target on the portal, but to all that we discover. This overrides setting target.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
|
boot.iscsi-initiator.nameName of the iSCSI initiator to boot from. Note, booting from iscsi requires networkd based networking.
Type: null or string
Default: null
Example: "iqn.2020-08.org.linux-iscsi.initiatorhost:example"
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
|
boot.iscsi-initiator.targetName of the iSCSI target to boot from.
Type: null or string
Default: null
Example: "iqn.2020-08.org.linux-iscsi.targethost:example"
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/root-initiator.nix>
|
boot.kernel.enableWhether to enable the Linux kernel. This is useful for systemd-like containers which do not require a kernel..
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.kernel.randstructSeedProvides a custom seed for the RANDSTRUCT security
option of the Linux kernel. Note that RANDSTRUCT is
only enabled in NixOS hardened kernels. Using a custom seed requires
building the kernel and dependent packages locally, since this
customization happens at build time.
Type: string
Default: ""
Example: "my secret seed"
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.kernel.sysctlRuntime parameters of the Linux kernel, as set by
sysctl(8). Note that sysctl
parameters names must be enclosed in quotes
(e.g. "vm.swappiness" instead of
vm.swappiness). The value of each
parameter may be a string, integer, boolean, or null
(signifying the option will not appear at all).
Type: attribute set of (sysctl option value)
Default: { }
Example:
{ "net.ipv4.tcp_syncookies" = false; "vm.swappiness" = 60; }
Declared by:
<nixpkgs/nixos/modules/config/sysctl.nix>
|
boot.kernel.sysctl."net.core.rmem_max"The maximum socket receive buffer size. In case of conflicting values, the highest will be used.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/config/sysctl.nix>
|
boot.kernelModulesThe set of kernel modules to be loaded in the second stage of
the boot process. Note that modules that are needed to
mount the root file system should be added to
boot.initrd.availableKernelModules or
boot.initrd.kernelModules.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.kernelPackagesThis option allows you to override the Linux kernel used by
NixOS. Since things like external kernel module packages are
tied to the kernel you're using, it also overrides those.
This option is a function that takes Nixpkgs as an argument
(as a convenience), and returns an attribute set containing at
the very least an attribute kernel.
Additional attributes may be needed depending on your
configuration. For instance, if you use the NVIDIA X driver,
then it also needs to contain an attribute
nvidia_x11.
Please note that we strictly support kernel versions that are maintained by the Linux developers only. More information on the availability of kernel versions is documented in the Linux section of the manual.
Type: raw value
Default: pkgs.linuxPackages
Example: pkgs.linuxKernel.packages.linux_5_10
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.kernelParamsParameters added to the kernel command line.
Type: list of string, with spaces inside double quotes
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.kernelPatchesA list of additional patches to apply to the kernel.
Type: list of (attribute set)
Default: [ ]
Example: [ pkgs.kernelPatches.ubuntu_fan_4_4 ]
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.loader.efi.canTouchEfiVariablesWhether the installation process is allowed to modify EFI boot variables.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
|
boot.loader.efi.efiSysMountPointWhere the EFI System Partition is mounted.
Type: string
Default: "/boot"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/efi.nix>
|
boot.loader.external.enableWhether to enable use an external tool to install your bootloader.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/external/external.nix>
|
boot.loader.external.installHookThe full path to a program of your choosing which performs the bootloader installation process.
The program will be called with an argument pointing to the output of the system's toplevel.
Type: path
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/external/external.nix>
|
boot.loader.generationsDir.enableWhether to create symlinks to the system generations under
/boot. When enabled,
/boot/default/kernel,
/boot/default/initrd, etc., are updated to
point to the current generation's kernel image, initial RAM
disk, and other bootstrap files.
This optional is not necessary with boot loaders such as GNU GRUB for which the menu is updated to point to the latest bootstrap files. However, it is needed for U-Boot on platforms where the boot command line is stored in flash memory rather than in a menu file.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
|
boot.loader.generationsDir.copyKernelsWhether copy the necessary boot files into /boot, so /nix/store is not needed by the boot loader.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix>
|
boot.loader.generic-extlinux-compatible.enableWhether to generate an extlinux-compatible configuration file
under /boot/extlinux.conf. For instance,
U-Boot's generic distro boot support uses this file format.
See U-boot's documentation for more information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
|
boot.loader.generic-extlinux-compatible.configurationLimitMaximum number of configurations in the boot menu.
Type: signed integer
Default: 20
Example: 10
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
|
boot.loader.generic-extlinux-compatible.populateCmdContains the builder command used to populate an image,
honoring all options except the -c <path-to-default-configuration>
argument.
Useful to have for sdImage.populateRootCommands
Type: string (read only)
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
|
boot.loader.generic-extlinux-compatible.useGenerationDeviceTreeWhether to generate Device Tree-related directives in the extlinux configuration.
When enabled, the bootloader will attempt to load the device tree binaries from the generation's kernel.
Note that this affects all generations, regardless of the setting value used in their configurations.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/generic-extlinux-compatible>
|
boot.loader.grub.enableWhether to enable the GNU GRUB boot loader.
Type: boolean
Default: !config.boot.isContainer
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.enableCryptodiskEnable support for encrypted partitions. GRUB should automatically unlock the correct encrypted partition and look for filesystems.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.backgroundColorBackground color to be used for GRUB to fill the areas the image isn't filling.
This options has no effect for GRUB 1.
Type: null or string
Default: null
Example: "#7EBAE4"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.configurationLimitMaximum of configurations in boot menu. GRUB has problems when there are too many entries.
Type: signed integer
Default: 100
Example: 120
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.configurationNameGRUB entry name instead of default.
Type: string
Default: ""
Example: "Stable 2.6.21"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.copyKernelsWhether the GRUB menu builder should copy kernels and initial ramdisks to /boot. This is done automatically if /boot is on a different partition than /.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.defaultIndex of the default menu item to be booted. Can also be set to "saved", which will make GRUB select the menu item that was used at the last boot.
Type: signed integer or string
Default: "0"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.deviceThe device on which the GRUB boot loader will be installed.
The special value nodev means that a GRUB
boot menu will be generated, but GRUB itself will not
actually be installed. To install GRUB on multiple devices,
use boot.loader.grub.devices.
Type: string
Default: ""
Example: "/dev/disk/by-id/wwn-0x500001234567890a"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.devicesThe devices on which the boot loader, GRUB, will be
installed. Can be used instead of device to
install GRUB onto multiple devices.
Type: list of string
Default: [ ]
Example:
[ "/dev/disk/by-id/wwn-0x500001234567890a" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.efiInstallAsRemovableWhether to invoke grub-install with
--removable.
Unless you turn this on, GRUB will install itself somewhere in
boot.loader.efi.efiSysMountPoint (exactly where
depends on other config variables). If you've set
boot.loader.efi.canTouchEfiVariables AND you
are currently booted in UEFI mode, then GRUB will use
efibootmgr to modify the boot order in the
EFI variables of your firmware to include this location. If you are
not booted in UEFI mode at the time GRUB is being installed, the
NVRAM will not be modified, and your system will not find GRUB at
boot time. However, GRUB will still return success so you may miss
the warning that gets printed ("efibootmgr: EFI variables are not supported on this system.").
If you turn this feature on, GRUB will install itself in a
special location within efiSysMountPoint (namely
EFI/boot/boot$arch.efi) which the firmwares
are hardcoded to try first, regardless of NVRAM EFI variables.
To summarize, turn this on if:
You are installing NixOS and want it to boot in UEFI mode, but you are currently booted in legacy mode
You want to make a drive that will boot regardless of the NVRAM state of the computer (like a USB "removable" drive)
You simply dislike the idea of depending on NVRAM state to make your drive bootable
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.efiSupportWhether GRUB should be built with EFI support. EFI support is only available for GRUB v2. This option is ignored for GRUB v1.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.entryOptionsOptions applied to the primary NixOS menu entry.
This options has no effect for GRUB 1.
Type: null or string
Default: "--class nixos --unrestricted"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraConfigAdditional GRUB commands inserted in the configuration file just before the menu entries.
Type: strings concatenated with "\n"
Default: ""
Example:
'' serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1 terminal_input --append serial terminal_output --append serial ''
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraEntriesAny additional entries you want added to the GRUB boot menu.
Type: strings concatenated with "\n"
Default: ""
Example:
''
# GRUB 1 example (not GRUB 2 compatible)
title Windows
chainloader (hd0,1)+1
# GRUB 2 example
menuentry "Windows 7" {
chainloader (hd0,4)+1
}
# GRUB 2 with UEFI example, chainloading another distro
menuentry "Fedora" {
set root=(hd1,1)
chainloader /efi/fedora/grubx64.efi
}
''Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraEntriesBeforeNixOSWhether extraEntries are included before the default option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraFilesA set of files to be copied to /boot.
Each attribute name denotes the destination file name in
/boot, while the corresponding
attribute value specifies the source file.
Type: attribute set of path
Default: { }
Example:
{ "memtest.bin" = "${pkgs.memtest86plus}/memtest.bin"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraGrubInstallArgsAdditional arguments passed to grub-install.
A use case for this is to build specific GRUB2 modules
directly into the GRUB2 kernel image, so that they are available
and activated even in the grub rescue shell.
They are also necessary when the BIOS/UEFI is bugged and cannot
correctly read large disks (e.g. above 2 TB), so GRUB2's own
nativedisk and related modules can be used
to use its own disk drivers. The example shows one such case.
This is also useful for booting from USB.
See the
GRUB source code
for which disk modules are available.
The list elements are passed directly as argv
arguments to the grub-install program, in order.
Type: list of string
Default: [ ]
Example:
[ "--modules=nativedisk ahci pata part_gpt part_msdos diskfilter mdraid1x lvm ext2" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraInstallCommandsAdditional shell commands inserted in the bootloader installer script after generating menu entries.
Type: strings concatenated with "\n"
Default: ""
Example:
''
# the example below generates detached signatures that GRUB can verify
# https://www.gnu.org/software/grub/manual/grub/grub.html#Using-digital-signatures
''${pkgs.findutils}/bin/find /boot -not -path "/boot/efi/*" -type f -name '*.sig' -delete
old_gpg_home=$GNUPGHOME
export GNUPGHOME="$(mktemp -d)"
''${pkgs.gnupg}/bin/gpg --import ''${priv_key} > /dev/null 2>&1
''${pkgs.findutils}/bin/find /boot -not -path "/boot/efi/*" -type f -exec ''${pkgs.gnupg}/bin/gpg --detach-sign "{}" \; > /dev/null 2>&1
rm -rf $GNUPGHOME
export GNUPGHOME=$old_gpg_home
''Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraPerEntryConfigAdditional GRUB commands inserted in the configuration file at the start of each NixOS menu entry.
Type: strings concatenated with "\n"
Default: ""
Example: "root (hd0)"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.extraPrepareConfigAdditional bash commands to be run at the script that prepares the GRUB menu entries.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.fontPath to a TrueType, OpenType, or pf2 font to be used by Grub.
Type: null or path
Default: "${pkgs.grub2}/share/grub/unicode.pf2"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.fontSizeFont size for the grub menu. Ignored unless font
is set to a ttf or otf font.
Type: null or signed integer
Default: null
Example: 16
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.forceInstallWhether to try and forcibly install GRUB even if problems are detected. It is not recommended to enable this unless you know what you are doing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.forcei686Whether to force the use of a ia32 boot loader on x64 systems. Required to install and run NixOS on 64bit x86 systems with 32bit (U)EFI.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.fsIdentifierDetermines how GRUB will identify devices when generating the configuration file. A value of uuid / label signifies that grub will always resolve the uuid or label of the device before using it in the configuration. A value of provided means that GRUB will use the device name as show in df or mount. Note, zfs zpools / datasets are ignored and will always be mounted using their labels.
Type: one of "uuid", "label", "provided"
Default: "uuid"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.gfxmodeBiosThe gfxmode to pass to GRUB when loading a graphical boot interface under BIOS.
Type: string
Default: "1024x768"
Example: "auto"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.gfxmodeEfiThe gfxmode to pass to GRUB when loading a graphical boot interface under EFI.
Type: string
Default: "auto"
Example: "1024x768"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.gfxpayloadBiosThe gfxpayload to pass to GRUB when loading a graphical boot interface under BIOS.
Type: string
Default: "text"
Example: "keep"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.gfxpayloadEfiThe gfxpayload to pass to GRUB when loading a graphical boot interface under EFI.
Type: string
Default: "keep"
Example: "text"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.ipxeSet of iPXE scripts available for booting from the GRUB boot menu.
Type: attribute set of (path or string)
Default: { }
Example:
{ demo = ''
#!ipxe
dhcp
chain http://boot.ipxe.org/demo/boot.php
'';
}
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/ipxe.nix>
|
boot.loader.grub.memtest86.enableMake Memtest86+ (or MemTest86 if EFI support is enabled),
a memory testing program, available from the
GRUB boot menu. MemTest86 is an unfree program, so
this requires allowUnfree to be set to
true.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix>
|
boot.loader.grub.memtest86.paramsParameters added to the Memtest86+ command line. As of memtest86+ 5.01 the following list of (apparently undocumented) parameters are accepted:
console=..., set up a serial console.
Examples:
console=ttyS0,
console=ttyS0,9600 or
console=ttyS0,115200n8.
btrace, enable boot trace.
maxcpus=N, limit number of CPUs.
onepass, run one pass and exit if there
are no errors.
tstlist=..., list of tests to run.
Example: 0,1,2.
cpumask=..., set a CPU mask, to select CPUs
to use for testing.
This list of command line options was obtained by reading the Memtest86+ source code.
Type: list of string
Default: [ ]
Example:
[ "console=ttyS0,115200" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/memtest.nix>
|
boot.loader.grub.mirroredBootsMirror the boot configuration to multiple partitions and install grub to the respective devices corresponding to those partitions.
Type: list of (submodule)
Default: [ ]
Example:
[
{
devices = [
"/dev/disk/by-id/wwn-0x500001234567890a"
];
path = "/boot1";
}
{
devices = [
"/dev/disk/by-id/wwn-0x500009876543210a"
];
path = "/boot2";
}
]Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.mirroredBoots.*.devicesThe path to the devices which will have the GRUB MBR written. Note these are typically device paths and not paths to partitions.
Type: list of string
Default: [ ]
Example:
[ "/dev/disk/by-id/wwn-0x500001234567890a" "/dev/disk/by-id/wwn-0x500009876543210a" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.mirroredBoots.*.efiBootloaderIdThe id of the bootloader to store in efi nvram.
The default is to name it NixOS and append the path or efiSysMountPoint.
This is only used if boot.loader.efi.canTouchEfiVariables is true.
Type: null or string
Default: null
Example: "NixOS-fsid"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.mirroredBoots.*.efiSysMountPointThe path to the efi system mount point. Usually this is the same partition as the above path and can be left as null.
Type: null or string
Default: null
Example: "/boot1/efi"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.mirroredBoots.*.pathThe path to the boot directory where GRUB will be written. Generally this boot path should double as an EFI path.
Type: string
Example: "/boot1"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.splashImageBackground image used for GRUB.
Set to null to run GRUB in text mode.
For grub 1: It must be a 640x480, 14-colour image in XPM format, optionally compressed with gzip or bzip2.
For grub 2: File must be one of .png, .tga, .jpg, or .jpeg. JPEG images must not be progressive. The image will be scaled if necessary to fit the screen.
Type: null or path
Example: ./my-background.png
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.splashModeWhether to stretch the image or show the image in the top-left corner unstretched.
This options has no effect for GRUB 1.
Type: one of "normal", "stretch"
Default: "stretch"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.storePathPath to the Nix store when looking for kernels at boot. Only makes sense when copyKernels is false.
Type: string
Default: "/nix/store"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.subEntryOptionsOptions applied to the secondary NixOS submenu entry.
This options has no effect for GRUB 1.
Type: null or string
Default: "--class nixos"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.themeGrub theme to be used.
This options has no effect for GRUB 1.
Type: null or path
Default: null
Example: pkgs.nixos-grub2-theme
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.trustedBoot.enableEnable trusted boot. GRUB will measure all critical components during the boot process to offer TCG (TPM) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.trustedBoot.isHPLaptopUse a special version of TrustedGRUB that is needed by some HP laptops and works only for the HP laptops.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.trustedBoot.systemHasTPMAssertion that the target system has an activated TPM. It is a safety check before allowing the activation of 'trustedBoot.enable'. TrustedBoot WILL FAIL TO BOOT YOUR SYSTEM if no TPM is available.
Type: string
Default: ""
Example: "YES_TPM_is_activated"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.useOSProberIf set to true, append entries for other OSs detected by os-prober.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.usersUser accounts for GRUB. When specified, the GRUB command line and all boot options except the default are password-protected. All passwords and hashes provided will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file. Additionally, any passwords and hashes provided directly in a Nix configuration (as opposed to external files) will be copied into the Nix store, and will be visible to all local users.
Type: attribute set of (submodule)
Default: { }
Example:
{
root = {
hashedPasswordFile = "/path/to/file";
};
}Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.users.<name>.hashedPasswordSpecifies the password hash for the account, generated with grub-mkpasswd-pbkdf2. This hash will be copied to the Nix store, and will be visible to all local users.
Type: null or string
Default: null
Example: "grub.pbkdf2.sha512.10000.674DFFDEF76E13EA...2CC972B102CF4355"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.users.<name>.hashedPasswordFileSpecifies the path to a file containing the password hash for the account, generated with grub-mkpasswd-pbkdf2. This hash will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file.
Type: null or string
Default: null
Example: "/path/to/file"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.users.<name>.passwordSpecifies the clear text password for the account. This password will be copied to the Nix store, and will be visible to all local users.
Type: null or string
Default: null
Example: "Pa$$w0rd!"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.users.<name>.passwordFileSpecifies the path to a file containing the clear text password for the account. This password will be stored in /boot/grub/grub.cfg, and will be visible to any local user who can read this file.
Type: null or string
Default: null
Example: "/path/to/file"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.versionThe version of GRUB to use: 1 for GRUB
Legacy (versions 0.9x), or 2 (the
default) for GRUB 2.
Type: signed integer
Default: 2
Example: 1
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.grub.zfsSupportWhether GRUB should be built against libzfs. ZFS support is only available for GRUB v2. This option is ignored for GRUB v1.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/grub/grub.nix>
|
boot.loader.initScript.enableSome systems require a /sbin/init script which is started. Or having it makes starting NixOS easier. This applies to some kind of hosting services and user mode linux.
Additionally this script will create /boot/init-other-configurations-contents.txt containing contents of remaining configurations. You can copy paste them into /sbin/init manually running a rescue system or such.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/init-script/init-script.nix>
|
boot.loader.raspberryPi.enableWhether to create files with the system generations in
/boot.
/boot/old will hold files from old generations.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
|
boot.loader.raspberryPi.firmwareConfigExtra options that will be appended to /boot/config.txt file.
For possible values, see: https://www.raspberrypi.com/documentation/computers/config_txt.html
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
|
boot.loader.raspberryPi.uboot.enableEnable using uboot as bootmanager for the raspberry pi.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
|
boot.loader.raspberryPi.uboot.configurationLimitMaximum number of configurations in the boot menu.
Type: signed integer
Default: 20
Example: 10
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
|
boot.loader.raspberryPi.version
Type: one of 0, 1, 2, 3, 4
Default: 2
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix>
|
boot.loader.systemd-boot.enableWhether to enable the systemd-boot (formerly gummiboot) EFI boot manager
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.configurationLimitMaximum number of latest generations in the boot menu. Useful to prevent boot partition running out of disk space.
null means no limit i.e. all generations
that were not garbage collected yet.
Type: null or signed integer
Default: null
Example: 120
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.consoleModeThe resolution of the console. The following values are valid:
"0": Standard UEFI 80x25 mode
"1": 80x50 mode, not supported by all devices
"2": The first non-standard mode provided by the device firmware, if any
"auto": Pick a suitable mode automatically using heuristics
"max": Pick the highest-numbered available mode
"keep": Keep the mode selected by firmware (the default)
Type: one of "0", "1", "2", "auto", "max", "keep"
Default: "keep"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.editorWhether to allow editing the kernel command-line before boot. It is recommended to set this to false, as it allows gaining root access by passing init=/bin/sh as a kernel parameter. However, it is enabled by default for backwards compatibility.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.extraEntriesAny additional entries you want added to the systemd-boot menu.
These entries will be copied to /boot/loader/entries.
Each attribute name denotes the destination file name,
and the corresponding attribute value is the contents of the entry.
systemd-boot orders the menu entries by the config file names,
so if you want something to appear after all the NixOS entries,
it should start with o or onwards.
Type: attribute set of strings concatenated with "\n"
Default: { }
Example:
{ "memtest86.conf" = ''
title MemTest86
efi /efi/memtest86/memtest86.efi
''; }
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.extraFilesA set of files to be copied to /boot.
Each attribute name denotes the destination file name in
/boot, while the corresponding
attribute value specifies the source file.
Type: attribute set of path
Default: { }
Example:
{ "efi/memtest86/memtest86.efi" = "${pkgs.memtest86-efi}/BOOTX64.efi"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.extraInstallCommandsAdditional shell commands inserted in the bootloader installer
script after generating menu entries. It can be used to expand
on extra boot entries that cannot incorporate certain pieces of
information (such as the resulting init= kernel parameter).
Type: strings concatenated with "\n"
Default: ""
Example:
''
default_cfg=$(cat /boot/loader/loader.conf | grep default | awk '{print $2}')
init_value=$(cat /boot/loader/entries/$default_cfg | grep init= | awk '{print $2}')
sed -i "s|@INIT@|$init_value|g" /boot/custom/config_with_placeholder.conf
''Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.gracefulInvoke bootctl install with the --graceful option,
which ignores errors when EFI variables cannot be written or when the EFI System Partition
cannot be found. Currently only applies to random seed operations.
Only enable this option if systemd-boot otherwise fails to install, as the
scope or implication of the --graceful option may change in the future.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.memtest86.enableMake MemTest86 available from the systemd-boot menu. MemTest86 is a
program for testing memory. MemTest86 is an unfree program, so
this requires allowUnfree to be set to
true.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.memtest86.entryFilenamesystemd-boot orders the menu entries by the config file names,
so if you want something to appear after all the NixOS entries,
it should start with o or onwards.
Type: string
Default: "memtest86.conf"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.netbootxyz.enableMake netboot.xyz available from the
systemd-boot menu. netboot.xyz
is a menu system that allows you to boot OS installers and
utilities over the network.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.systemd-boot.netbootxyz.entryFilenamesystemd-boot orders the menu entries by the config file names,
so if you want something to appear after all the NixOS entries,
it should start with o or onwards.
Type: string
Default: "o_netbootxyz.conf"
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix>
|
boot.loader.timeoutTimeout (in seconds) until loader boots the default menu item. Use null if the loader menu should be displayed indefinitely.
Type: null or signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/system/boot/loader/loader.nix>
|
boot.modprobeConfig.enableWhether to enable modprobe config. This is useful for systemds like containers which do not require a kernel..
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/system/boot/modprobe.nix>
|
boot.plymouth.enableWhether to enable Plymouth boot splash screen.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
|
boot.plymouth.extraConfigLiteral string to append to configFile
and the config file generated by the plymouth module.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
|
boot.plymouth.fontFont file made available for displaying text on the splash screen.
Type: path
Default: "${pkgs.dejavu_fonts.minimal}/share/fonts/truetype/DejaVuSans.ttf"
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
|
boot.plymouth.logoLogo which is displayed on the splash screen.
Type: path
Default:
pkgs.fetchurl {
url = "https://nixos.org/logo/nixos-hires.png";
sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si";
}Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
|
boot.plymouth.themeSplash screen theme.
Type: string
Default: "bgrt"
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
|
boot.plymouth.themePackagesExtra theme packages for plymouth.
Type: list of package
Default: A NixOS branded variant of the breeze theme when
config.boot.plymouth.theme == "breeze", otherwise
[ ].
Declared by:
<nixpkgs/nixos/modules/system/boot/plymouth.nix>
|
boot.postBootCommandsShell commands to be executed just before systemd is started.
Type: strings concatenated with "\n"
Default: ""
Example: "rm -f /var/log/messages"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
|
boot.readOnlyNixStoreIf set, NixOS will enforce the immutability of the Nix store
by making /nix/store a read-only bind
mount. Nix will automatically make the store writable when
needed.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
|
boot.resumeDeviceDevice for manual resume attempt during boot. This should be used primarily
if you want to resume from file. If left empty, the swap partitions are used.
Specify here the device where the file resides.
You should also use boot.kernelParams to specify
«resume_offset».
Type: string
Default: ""
Example: "/dev/sda3"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
boot.runSizeSize limit for the /run tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax.
Type: string
Default: "25%"
Example: "256m"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.specialFileSystems.<name>.dependsList of paths that should be mounted before this one. This filesystem's
device and mountPoint are always
checked and do not need to be included explicitly. If a path is added
to this list, any other filesystem whose mount point is a parent of
the path will be mounted before this filesystem. The paths do not need
to actually be the mountPoint of some other filesystem.
Type: list of string (with check: non-empty without trailing slash)
Default: [ ]
Example:
[ "/persist" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.specialFileSystems.<name>.deviceLocation of the device.
Type: null or string (with check: non-empty)
Default: null
Example: "/dev/sda"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.specialFileSystems.<name>.fsTypeType of the file system.
Type: string (with check: non-empty)
Default: "auto"
Example: "ext3"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.specialFileSystems.<name>.mountPointLocation of the mounted file system.
Type: string (with check: non-empty without trailing slash)
Example: "/mnt/usb"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.specialFileSystems.<name>.optionsOptions used to mount the file system.
Type: list of string (with check: non-empty)
Default:
[ "defaults" ]
Example:
[ "data=journal" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.supportedFilesystemsNames of supported filesystem types.
Type: list of string
Default: [ ]
Example:
[ "btrfs" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
boot.systemdExecutableThe program to execute to start systemd.
Type: string
Default: "/run/current-system/systemd/lib/systemd/systemd"
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-2.nix>
|
boot.tmpOnTmpfsWhether to mount a tmpfs on /tmp during boot.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/tmp.nix>
|
boot.tmpOnTmpfsSizeSize of tmpfs in percentage. Percentage is defined by systemd.
Type: string or positive integer, meaning >0
Default: "50%"
Declared by:
<nixpkgs/nixos/modules/system/boot/tmp.nix>
|
boot.uvesafb.enableWhether to enable uvesafb.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/system/boot/uvesafb.nix>
|
boot.uvesafb.gfx-modeScreen resolution in modedb format. See uvesafb and modedb documentation for more details. The default value is a sensible default but may be not ideal for all setups.
Type: string
Default: "1024x768-32"
Declared by:
<nixpkgs/nixos/modules/system/boot/uvesafb.nix>
|
boot.uvesafb.v86d.packageWhich v86d package to use with uvesafb
Type: package
Default:
''
config.boot.kernelPackages.v86d.overrideAttrs (old: {
hardeningDisable = [ "all" ];
})''Declared by:
<nixpkgs/nixos/modules/system/boot/uvesafb.nix>
|
boot.vesa(Deprecated) This option, if set, activates the VESA 800x600 video
mode on boot and disables kernel modesetting. It is equivalent to
specifying [ "vga=0x317" "nomodeset" ] in the
boot.kernelParams option. This option is
deprecated as of 2020: Xorg now works better with modesetting, and
you might want a different VESA vga setting, anyway.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/kernel.nix>
|
boot.zfs.enableUnstableUse the unstable zfs package. This might be an option, if the latest kernel is not yet supported by a published release of ZFS. Enabling this option will install a development version of ZFS on Linux. The version will have already passed an extensive test suite, but it is more likely to hit an undiscovered bug compared to running a released version of ZFS on Linux.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.enabledTrue if ZFS filesystem support is enabled
Type: boolean (read only)
Default: true if ZFS filesystem support is enabled
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.packageConfigured ZFS userland tools package.
Type: package (read only)
Default: if config.boot.zfs.enableUnstable then pkgs.zfsUnstable else pkgs.zfs
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.allowHibernationAllow hibernation support, this may be a unsafe option depending on your setup. Make sure to NOT use Swap on ZFS.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.devNodesName of directory from which to import ZFS devices.
This should be a path under /dev containing stable names for all devices needed, as import may fail if device nodes are renamed concurrently with a device failing.
Type: path
Default: "/dev/disk/by-id"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.extraPoolsName or GUID of extra ZFS pools that you wish to import during boot.
Usually this is not necessary. Instead, you should set the mountpoint property
of ZFS filesystems to legacy and add the ZFS filesystems to
NixOS's fileSystems option, which makes NixOS automatically
import the associated pool.
However, in some cases (e.g. if you have many filesystems) it may be preferable to exclusively use ZFS commands to manage filesystems. If so, since NixOS/systemd will not be managing those filesystems, you will need to specify the ZFS pool here so that NixOS automatically imports it on every boot.
Type: list of string
Default: [ ]
Example:
[ "tank" "data" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.forceImportAllForcibly import all ZFS pool(s).
If you set this option to false and NixOS subsequently fails to
import your non-root ZFS pool(s), you should manually import each pool with
"zpool import -f <pool-name>", and then reboot. You should only need to do
this once.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.forceImportRootForcibly import the ZFS root pool(s) during early boot.
This is enabled by default for backwards compatibility purposes, but it is highly recommended to disable this option, as it bypasses some of the safeguards ZFS uses to protect your ZFS pools.
If you set this option to false and NixOS subsequently fails to
boot because it cannot import the root pool, you should boot with the
zfs_force=1 option as a kernel parameter (e.g. by manually
editing the kernel params in grub during boot). You should only need to do this
once.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
boot.zfs.requestEncryptionCredentialsIf true on import encryption keys or passwords for all encrypted datasets are requested. To only decrypt selected datasets supply a list of dataset names instead. For root pools the encryption key can be supplied via both an interactive prompt (keylocation=prompt) and from a file (keylocation=file://).
Type: boolean or list of string
Default: true
Example:
[ "tank" "data" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
console.enableWhether to enable virtual console.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
|
console.packagesList of additional packages that provide console fonts, keymaps and other resources for virtual consoles use.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
|
console.colorsThe 16 colors palette used by the virtual consoles. Leave empty to use the default colors. Colors must be in hexadecimal format and listed in order from color 0 to color 15.
Type: list of string matching the pattern [[:xdigit:]]{6}
Default: [ ]
Example:
[ "002b36" "dc322f" "859900" "b58900" "268bd2" "d33682" "2aa198" "eee8d5" "002b36" "cb4b16" "586e75" "657b83" "839496" "6c71c4" "93a1a1" "fdf6e3" ]
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
|
console.earlySetupEnable setting virtual console options as early as possible (in initrd).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
|
console.fontThe font used for the virtual consoles. Leave empty to use whatever the setfont program considers the default font. Can be either a font name or a path to a PSF font file.
Type: string or path
Default: "Lat2-Terminus16"
Example: "LatArCyrHeb-16"
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
|
console.keyMapThe keyboard mapping table for the virtual consoles.
Type: string or path
Default: "us"
Example: "fr"
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
|
console.useXkbConfigIf set, configure the virtual console keymap from the xserver keyboard settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/console.nix>
|
containersA set of NixOS system configurations to be run as lightweight
containers. Each container appears as a service
container-«name»
on the host system, allowing it to be started and stopped via
systemctl.
Type: attribute set of (submodule)
Default: { }
Example:
{ webserver =
{ path = "/nix/var/nix/profiles/webserver";
};
database =
{ config =
{ config, pkgs, ... }:
{ services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql_14;
system.stateVersion = "21.05";
};
};
}
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.enableTunAllows the container to create and setup tunnel interfaces
by granting the NET_ADMIN capability and
enabling access to /dev/net/tun.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.additionalCapabilitiesGrant additional capabilities to the container. See the capabilities(7) and systemd-nspawn(1) man pages for more information.
Type: list of string
Default: [ ]
Example:
[ "CAP_NET_ADMIN" "CAP_MKNOD" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.allowedDevicesA list of device nodes to which the containers has access to.
Type: list of (submodule)
Default: [ ]
Example:
[
{
modifier = "rw";
node = "/dev/net/tun";
}
]Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.allowedDevices.*.modifierDevice node access modifier. Takes a combination
r (read), w (write), and
m (mknod). See the
systemd.resource-control(5) man page for more
information.
Type: string
Example: "rw"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.allowedDevices.*.nodePath to device node
Type: string
Example: "/dev/net/tun"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.autoStartWhether the container is automatically started at boot-time.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.bindMountsAn extra list of directories that is bound to the container.
Type: attribute set of (submodule)
Default: { }
Example:
{ "/home" = { hostPath = "/home/alice";
isReadOnly = false; };
}
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.bindMounts.<name>.hostPathLocation of the host path to be mounted.
Type: null or string
Default: null
Example: "/home/alice"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.bindMounts.<name>.isReadOnlyDetermine whether the mounted path will be accessed in read-only mode.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.bindMounts.<name>.mountPointMount point on the container file system.
Type: string
Example: "/mnt/usb"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.configA specification of the desired configuration of this container, as a NixOS module.
Type: Toplevel NixOS config
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.ephemeralRuns container in ephemeral mode with the empty root filesystem at boot. This way container will be bootstrapped from scratch on each boot and will be cleaned up on shutdown leaving no traces behind. Useful for completely stateless, reproducible containers.
Note that this option might require to do some adjustments to the container configuration,
e.g. you might want to set
systemd.network.networks.$interface.dhcpV4Config.ClientIdentifier to "mac"
if you use macvlans option.
This way dhcp client identifier will be stable between the container restarts.
Note that the container journal will not be linked to the host if this option is enabled.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraFlagsExtra flags passed to the systemd-nspawn command. See systemd-nspawn(1) for details.
Type: list of string
Default: [ ]
Example:
[ "--drop-capability=CAP_SYS_CHROOT" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVethsExtra veth-pairs to be created for the container.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.forwardPortsList of forwarded ports from host to container. Each forwarded port is specified by protocol, hostPort and containerPort. By default, protocol is tcp and hostPort and containerPort are assumed to be the same if containerPort is not explicitly given.
Type: list of (submodule)
Default: [ ]
Example:
[
{
containerPort = 80;
hostPort = 8080;
protocol = "tcp";
}
]Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.forwardPorts.*.containerPortTarget port of container
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.forwardPorts.*.hostPortSource port of the external interface on host
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.forwardPorts.*.protocolThe protocol specifier for port forwarding between host and container
Type: string
Default: "tcp"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.hostAddressThe IPv4 address assigned to the host interface. (Not used when hostBridge is set.)
Type: null or string
Default: null
Example: "10.231.136.1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.hostAddress6The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)
Type: null or string
Default: null
Example: "fc00::1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.hostBridgePut the host-side of the veth-pair into the named bridge. Only one of hostAddress* or hostBridge can be given.
Type: null or string
Default: null
Example: "br0"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.localAddressThe IPv4 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /32 and routing is set up from localAddress to hostAddress and back.
Type: null or string
Default: null
Example: "10.231.136.2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.extraVeths.<name>.localAddress6The IPv6 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /128 and routing is set up from localAddress6 to hostAddress6 and back.
Type: null or string
Default: null
Example: "fc00::2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.forwardPortsList of forwarded ports from host to container. Each forwarded port is specified by protocol, hostPort and containerPort. By default, protocol is tcp and hostPort and containerPort are assumed to be the same if containerPort is not explicitly given.
Type: list of (submodule)
Default: [ ]
Example:
[
{
containerPort = 80;
hostPort = 8080;
protocol = "tcp";
}
]Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.forwardPorts.*.containerPortTarget port of container
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.forwardPorts.*.hostPortSource port of the external interface on host
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.forwardPorts.*.protocolThe protocol specifier for port forwarding between host and container
Type: string
Default: "tcp"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.hostAddressThe IPv4 address assigned to the host interface. (Not used when hostBridge is set.)
Type: null or string
Default: null
Example: "10.231.136.1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.hostAddress6The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)
Type: null or string
Default: null
Example: "fc00::1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.hostBridgePut the host-side of the veth-pair into the named bridge. Only one of hostAddress* or hostBridge can be given.
Type: null or string
Default: null
Example: "br0"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.interfacesThe list of interfaces to be moved into the container.
Type: list of string
Default: [ ]
Example:
[ "eth1" "eth2" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.localAddressThe IPv4 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /32 and routing is set up from localAddress to hostAddress and back.
Type: null or string
Default: null
Example: "10.231.136.2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.localAddress6The IPv6 address assigned to the interface in the container. If a hostBridge is used, this should be given with netmask to access the whole network. Otherwise the default netmask is /128 and routing is set up from localAddress6 to hostAddress6 and back.
Type: null or string
Default: null
Example: "fc00::2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.macvlansThe list of host interfaces from which macvlans will be created. For each interface specified, a macvlan interface will be created and moved to the container.
Type: list of string
Default: [ ]
Example:
[ "eth1" "eth2" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.nixpkgsA path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container.
To only change the pkgs argument used inside the container modules,
set the nixpkgs.* options in the container config.
Setting config.nixpkgs.pkgs = pkgs speeds up the container evaluation
by reusing the system pkgs, but the nixpkgs.config option in the
container config is ignored in this case.
Type: path
Default: pkgs.path
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.pathAs an alternative to specifying
config, you can specify the path to
the evaluated NixOS system configuration, typically a
symlink to a system profile.
Type: path
Example: "/nix/var/nix/profiles/per-container/webserver"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.privateNetworkWhether to give the container its own private virtual
Ethernet interface. The interface is called
eth0, and is hooked up to the interface
ve-«container-name»
on the host. If this option is not set, then the
container shares the network interfaces of the host,
and can bind to any port on any interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.timeoutStartSecTime for the container to start. In case of a timeout, the container processes get killed. See systemd.time(7) for more information about the format.
Type: string
Default: "1min"
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
containers.<name>.tmpfsMounts a set of tmpfs file systems into the container. Multiple paths can be specified. Valid items must conform to the --tmpfs argument of systemd-nspawn. See systemd-nspawn(1) for details.
Type: list of string
Default: [ ]
Example:
[ "/var" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/nixos-containers.nix>
|
documentation.enableWhether to install documentation of packages from
environment.systemPackages into the generated system path.
See "Multiple-output packages" chapter in the nixpkgs manual for more info.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.dev.enableWhether to install documentation targeted at developers.
This includes man pages targeted at developers if documentation.man.enable is
set (this also includes "devman" outputs).
This includes info pages targeted at developers if documentation.info.enable
is set (this also includes "devinfo" outputs).
This includes other pages targeted at developers if documentation.doc.enable
is set (this also includes "devdoc" outputs).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.doc.enableWhether to install documentation distributed in packages' /share/doc.
Usually plain text and/or HTML.
This also includes "doc" outputs.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.info.enableWhether to install info pages and the info command. This also includes "info" outputs.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.man.enableWhether to install manual pages.
This also includes man outputs.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.man.generateCachesWhether to generate the manual page index caches.
This allows searching for a page or
keyword using utilities like apropos(1)
and the -k option of
man(1).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.man.man-db.enableWhether to enable man-db as the default man page viewer.
Type: boolean
Default: config.documentation.man.enable
Example: false
Declared by:
<nixpkgs/nixos/modules/misc/man-db.nix>
|
documentation.man.man-db.packageThe man-db derivation to use. Useful to override
configuration options used for the package.
Type: package
Default: pkgs.man-db
Declared by:
<nixpkgs/nixos/modules/misc/man-db.nix>
|
documentation.man.man-db.manualPagesThe manual pages to generate caches for if documentation.man.generateCaches
is enabled. Must be a path to a directory with man pages under
/share/man; see the source for an example.
Advanced users can make this a content-addressed derivation to save a few rebuilds.
Type: path
Default: all man pages in config.environment.systemPackages
Declared by:
<nixpkgs/nixos/modules/misc/man-db.nix>
|
documentation.man.mandoc.enableWhether to enable mandoc as the default man page viewer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.man.mandoc.packageThe mandoc derivation to use. Useful to override
configuration options used for the package.
Type: package
Default: pkgs.mandoc
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.man.mandoc.manPathChange the manpath, i. e. the directories where man(1) looks for section-specific directories of man pages. You only need to change this setting if you want extra man pages (e. g. in non-english languages). All values must be strings that are a valid path from the target prefix (without including it). The first value given takes priority.
Type: list of string
Default:
[ "share/man" ]
Example: [ "share/man" "share/man/fr" ]
Declared by:
<nixpkgs/nixos/modules/misc/mandoc.nix>
|
documentation.nixos.enableWhether to install NixOS's own documentation.
This includes man pages like
configuration.nix(5) if documentation.man.enable is
set.
This includes the HTML manual and the nixos-help command if
documentation.doc.enable is set.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.nixos.extraModuleSourcesWhich extra NixOS module paths the generated NixOS's documentation should strip from options.
Type: list of (path or string)
Default: [ ]
Example:
# e.g. with options from modules in ${pkgs.customModules}/nix:
[ pkgs.customModules ]
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.nixos.extraModulesModules for which to show options even when not imported.
Type: list of raw value
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.nixos.includeAllModulesWhether the generated NixOS's documentation should include documentation for all
the options from all the NixOS modules included in the current
configuration.nix. Disabling this will make the manual
generator to ignore options defined outside of baseModules.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.nixos.options.allowDocBookWhether to allow DocBook option docs. When set to false all option using
DocBook documentation will cause a manual build error; additionally a new
renderer may be used.
The false setting for this option is not yet fully supported. While it
should work fine and produce the same output as the previous toolchain
using DocBook it may not work in all circumstances. Whether markdown option
documentation is allowed is independent of this option.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.nixos.options.splitBuildWhether to split the option docs build into a cacheable and an uncacheable part. Splitting the build can substantially decrease the amount of time needed to build the manual, but some user modules may be incompatible with this splitting.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
documentation.nixos.options.warningsAreErrorsTreat warning emitted during the option documentation build (eg for missing option descriptions) as errors.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/misc/documentation.nix>
|
dysnomia.enableWhether to enable Dysnomia
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
dysnomia.enableAuthenticationWhether to publish privacy-sensitive authentication credentials
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
dysnomia.enableLegacyModulesWhether to enable Dysnomia legacy process and wrapper modules
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
dysnomia.packageThe Dysnomia package
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
dysnomia.componentsAn attribute set in which each key represents a container and each value an attribute set in which each key represents a component and each value a derivation constructing its initial state
Type: attribute set of (attribute set)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
dysnomia.containersAn attribute set in which each key represents a container and each value an attribute set providing its configuration properties
Type: attribute set of (attribute set)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
dysnomia.extraContainerPathsA list of paths containing additional container configurations that are added to the search folders
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
dysnomia.extraContainerPropertiesAn attribute set providing additional container settings in addition to the default properties
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
dysnomia.extraModulePathsA list of paths containing additional modules that are added to the search folders
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
dysnomia.propertiesAn attribute set in which each attribute represents a machine property. Optionally, these values can be shell substitutions.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/dysnomia.nix>
|
ec2.zfs.datasetsDatasets to create under the tank and boot zpools.
NOTE: This option is used only at image creation time, and does not attempt to declaratively create or manage datasets on an existing system.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/amazon-options.nix>
|
ec2.zfs.datasets.<name>.mountWhere to mount this dataset.
Type: null or Concatenated string
Default: null
Declared by:
<nixpkgs/nixos/modules/virtualisation/amazon-options.nix>
|
ec2.zfs.datasets.<name>.propertiesProperties to set on this dataset.
Type: attribute set of Concatenated string
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/amazon-options.nix>
|
environment.enableAllTerminfoWhether to install all terminfo outputs
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/terminfo.nix>
|
environment.enableDebugInfoSome NixOS packages provide debug symbols. However, these are
not included in the system closure by default to save disk
space. Enabling this option causes the debug symbols to appear
in /run/current-system/sw/lib/debug/.build-id,
where tools such as gdb can find them.
If you need debug symbols for a package that doesn't
provide them by default, you can enable them as follows:
nixpkgs.config.packageOverrides = pkgs: {
hello = pkgs.hello.overrideAttrs (oldAttrs: {
separateDebugInfo = true;
});
};
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/debug-info.nix>
|
environment.checkConfigurationOptionsAlias of _module.check.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/rename.nix>
|
environment.cinnamon.excludePackagesWhich packages cinnamon should exclude from the default environment
Type: list of package
Default: [ ]
Example: [ pkgs.cinnamon.blueberry ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix>
|
environment.defaultPackagesSet of default packages that aren't strictly necessary for a running system, entries can be removed for a more minimal NixOS installation.
Note: If pkgs.nano is removed from this list,
make sure another editor is installed and the
EDITOR environment variable is set to it.
Environment variables can be set using
environment.variables.
Like with systemPackages, packages are installed to
/run/current-system/sw. They are
automatically available to all users, and are
automatically updated every time you rebuild the system
configuration.
Type: list of package
Default: these packages, with their meta.priority numerically increased
(thus lowering their installation priority):
[ pkgs.nano pkgs.perl pkgs.rsync pkgs.strace ]
Example: [ ]
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
|
environment.etcSet of files that have to be linked in /etc.
Type: attribute set of (submodule)
Default: { }
Example:
{ example-configuration-file =
{ source = "/nix/store/.../etc/dir/file.conf.example";
mode = "0440";
};
"default/useradd".text = "GROUP=100 ...";
}
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.enableWhether this /etc file should be generated. This option allows specific /etc files to be disabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.gidGID of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink').
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.groupGroup name of created file.
Only takes effect when the file is copied (that is, the mode is not 'symlink').
Changing this option takes precedence over gid.
Type: string
Default: "+0"
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.modeIf set to something else than symlink,
the file is copied instead of symlinked, with the given
file mode.
Type: string
Default: "symlink"
Example: "0600"
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.sourcePath of the source file.
Type: path
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.targetName of symlink (relative to
/etc). Defaults to the attribute
name.
Type: string
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.textText of the file.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.uidUID of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink').
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.etc.<name>.userUser name of created file.
Only takes effect when the file is copied (that is, the mode is not 'symlink').
Changing this option takes precedence over uid.
Type: string
Default: "+0"
Declared by:
<nixpkgs/nixos/modules/system/etc/etc.nix>
|
environment.extraInitShell script code called during global environment initialisation after all variables and profileVariables have been set. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.extraOutputsToInstallList of additional package outputs to be symlinked into /run/current-system/sw.
Type: list of string
Default: [ ]
Example:
[ "doc" "info" "devdoc" ]
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
|
environment.extraSetupShell fragments to be run after the system environment has been created. This should only be used for things that need to modify the internals of the environment, e.g. generating MIME caches. The environment being built can be accessed at $out.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
|
environment.freetdsConfigure freetds database entries. Each attribute denotes a section within freetds.conf, and the value (a string) is the config content for that section. When at least one entry is configured the global environment variables FREETDSCONF, FREETDS and SYBASE will be configured to allow the programs that use freetds to find the library and config.
Type: attribute set of string
Default: { }
Example:
{ MYDATABASE = ''
host = 10.0.2.100
port = 1433
tds version = 7.2
'';
}
Declared by:
<nixpkgs/nixos/modules/programs/freetds.nix>
|
environment.gnome.excludePackagesWhich packages gnome should exclude from the default environment
Type: list of package
Default: [ ]
Example: [ pkgs.gnome.totem ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
environment.homeBinInPathInclude ~/bin/ in $PATH.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.interactiveShellInitShell script code called during interactive shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.localBinInPathAdd ~/.local/bin/ to $PATH
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.loginShellInitShell script code called during login shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.lxqt.excludePackagesWhich LXQt packages to exclude from the default environment
Type: list of package
Default: [ ]
Example: [ pkgs.lxqt.qterminal ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/lxqt.nix>
|
environment.mate.excludePackagesWhich MATE packages to exclude from the default environment
Type: list of package
Default: [ ]
Example: [ pkgs.mate.mate-terminal pkgs.mate.pluma ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix>
|
environment.memoryAllocator.providerThe system-wide memory allocator.
Briefly, the system-wide memory allocator providers are:
libc: the standard allocator provided by libc
graphene-hardened: An allocator designed to mitigate memory corruption attacks, such as those caused by use-after-free bugs.
jemalloc: A general purpose allocator that emphasizes fragmentation avoidance and scalable concurrency support.
mimalloc: A compact and fast general purpose allocator, which may optionally be built with mitigations against various heap vulnerabilities.
scudo: A user-mode allocator based on LLVM Sanitizer’s CombinedAllocator, which aims at providing additional mitigations against heap based vulnerabilities, while maintaining good performance.
Selecting an alternative allocator (i.e., anything other than
libc) may result in instability, data loss,
and/or service failure.
Type: one of "libc", "graphene-hardened", "jemalloc", "mimalloc", "scudo"
Default: "libc"
Declared by:
<nixpkgs/nixos/modules/config/malloc.nix>
|
environment.noXlibsSwitch off the options in the default configuration that require X11 libraries. This includes client-side font configuration and SSH forwarding of X11 authentication in. Thus, you probably do not want to enable this option if you want to run X11 programs on this machine via SSH.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/no-x-libs.nix>
|
environment.pantheon.excludePackagesWhich packages pantheon should exclude from the default environment
Type: list of package
Default: [ ]
Example: [ pkgs.pantheon.elementary-camera ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
|
environment.pathsToLinkList of directories to be symlinked in /run/current-system/sw.
Type: list of string
Default: [ ]
Example:
[ "/" ]
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
|
environment.profileRelativeEnvVarsAttribute set of environment variable. Each attribute maps to a list
of relative paths. Each relative path is appended to the each profile
of environment.profiles to form the content of the
corresponding environment variable.
Type: attribute set of list of string
Example:
{
MANPATH = [
"/man"
"/share/man"
];
PATH = [
"/bin"
];
}Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.profileRelativeSessionVariablesAttribute set of environment variable used in the global environment. These variables will be set by PAM early in the login process.
Variable substitution is available as described in pam_env.conf(5).
Each attribute maps to a list of relative paths. Each relative
path is appended to the each profile of
environment.profiles to form the content of
the corresponding environment variable.
Also, these variables are merged into
environment.profileRelativeEnvVars and it is
therefore not possible to use PAM style variables such as
@{HOME}.
Type: attribute set of list of string
Example:
{
MANPATH = [
"/man"
"/share/man"
];
PATH = [
"/bin"
];
}Declared by:
<nixpkgs/nixos/modules/config/system-environment.nix>
|
environment.profilesA list of profiles used to setup the global environment.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.sessionVariablesA set of environment variables used in the global environment. These variables will be set by PAM early in the login process.
The value of each session variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.
Note, due to limitations in the PAM format values may not
contain the " character.
Also, these variables are merged into
environment.variables and it is
therefore not possible to use PAM style variables such as
@{HOME}.
Type: attribute set of (string or list of string)
Default: { }
Declared by:
<nixpkgs/nixos/modules/config/system-environment.nix>
|
environment.shellAliasesAn attribute set that maps aliases (the top level attribute names in
this option) to command strings or directly to build outputs. The
aliases are added to all users' shells.
Aliases mapped to null are ignored.
Type: attribute set of (null or string or path)
Example:
{
l = null;
ll = "ls -l";
}Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.shellInitShell script code called during shell initialisation. This code is assumed to be shell-independent, which means you should stick to pure sh without sh word split.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.shellsA list of permissible login shells for user accounts.
No need to mention /bin/sh
here, it is placed into this list implicitly.
Type: list of (package or path)
Default: [ ]
Example: [ pkgs.bashInteractive pkgs.zsh ]
Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.systemPackagesThe set of packages that appear in
/run/current-system/sw. These packages are
automatically available to all users, and are
automatically updated every time you rebuild the system
configuration. (The latter is the main difference with
installing them in the default profile,
/nix/var/nix/profiles/default.
Type: list of package
Default: [ ]
Example: [ pkgs.firefox pkgs.thunderbird ]
Declared by:
<nixpkgs/nixos/modules/config/system-path.nix>
|
environment.unixODBCDriversSpecifies Unix ODBC drivers to be registered in
/etc/odbcinst.ini. You may also want to
add pkgs.unixODBC to the system path to get
a command line client to connect to ODBC databases.
Type: list of package
Default: [ ]
Example: with pkgs.unixODBCDrivers; [ sqlite psql ]
Declared by:
<nixpkgs/nixos/modules/config/unix-odbc-drivers.nix>
|
environment.variablesA set of environment variables used in the global environment. These variables will be set on shell initialisation (e.g. in /etc/profile). The value of each variable can be either a string or a list of strings. The latter is concatenated, interspersed with colon characters.
Type: attribute set of (string or list of string)
Default: { }
Example:
{
EDITOR = "nvim";
VISUAL = "nvim";
}Declared by:
<nixpkgs/nixos/modules/config/shells-environment.nix>
|
environment.wordlist.enableWhether to enable environment variables for lists of words.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/misc/wordlist.nix>
|
environment.wordlist.listsA set with the key names being the environment variable you'd like to set and the values being a list of paths to text documents containing lists of words. The various files will be merged, sorted, duplicates removed, and extraneous spacing removed.
If you have a handful of words that you want to add to an already
existing wordlist, you may find builtins.toFile useful for this
task.
Type: attribute set of non-empty (list of path)
Default:
{
WORDLIST = [ "${pkgs.scowl}/share/dict/words.txt" ];
}
Example:
{
WORDLIST = [ "${pkgs.scowl}/share/dict/words.txt" ];
AUGMENTED_WORDLIST = [
"${pkgs.scowl}/share/dict/words.txt"
"${pkgs.scowl}/share/dict/words.variants.txt"
(builtins.toFile "extra-words" ''
desynchonization
oobleck'')
];
}
Declared by:
<nixpkgs/nixos/modules/misc/wordlist.nix>
|
fileSystemsThe file systems to be mounted. It must include an entry for
the root directory (mountPoint = "/"). Each
entry in the list is an attribute set with the following fields:
mountPoint, device,
fsType (a file system type recognised by
mount; defaults to
"auto"), and options
(the mount options passed to mount using the
-o flag; defaults to [ "defaults" ]).
Instead of specifying device, you can also
specify a volume label (label) for file
systems that support it, such as ext2/ext3 (see mke2fs -L).
Type: attribute set of (submodule)
Default: { }
Example:
{
"/".device = "/dev/hda1";
"/data" = {
device = "/dev/hda2";
fsType = "ext3";
options = [ "data=journal" ];
};
"/bigdisk".label = "bigdisk";
}
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
fileSystems.<name>.autoFormatIf the device does not currently contain a filesystem (as
determined by blkid, then automatically
format it with the filesystem type specified in
fsType. Use with caution.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.autoResizeIf set, the filesystem is grown to its maximum size before being mounted. (This is typically the size of the containing partition.) This is currently only supported for ext2/3/4 filesystems that are mounted during early boot.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.dependsList of paths that should be mounted before this one. This filesystem's
device and mountPoint are always
checked and do not need to be included explicitly. If a path is added
to this list, any other filesystem whose mount point is a parent of
the path will be mounted before this filesystem. The paths do not need
to actually be the mountPoint of some other filesystem.
Type: list of string (with check: non-empty without trailing slash)
Default: [ ]
Example:
[ "/persist" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.deviceLocation of the device.
Type: null or string (with check: non-empty)
Default: null
Example: "/dev/sda"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.encrypted.enableThe block device is backed by an encrypted one, adds this device as a initrd luks entry.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
fileSystems.<name>.encrypted.blkDevLocation of the backing encrypted device.
Type: null or string
Default: null
Example: "/dev/sda1"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
fileSystems.<name>.encrypted.keyFilePath to a keyfile used to unlock the backing encrypted
device. At the time this keyfile is accessed, the
neededForBoot filesystems (see
fileSystems.<name?>.neededForBoot)
will have been mounted under /mnt-root,
so the keyfile path should usually start with "/mnt-root/".
Type: null or string
Default: null
Example: "/mnt-root/root/.swapkey"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
fileSystems.<name>.encrypted.labelLabel of the unlocked encrypted device. Set fileSystems.<name?>.device to /dev/mapper/<label> to mount the unlocked device.
Type: null or string
Default: null
Example: "rootfs"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
fileSystems.<name>.formatOptionsIf autoFormat option is set specifies
extra options passed to mkfs.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.fsTypeType of the file system.
Type: string (with check: non-empty)
Default: "auto"
Example: "ext3"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.labelLabel of the device (if any).
Type: null or string (with check: non-empty)
Default: null
Example: "root-partition"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.mountPointLocation of the mounted file system.
Type: string (with check: non-empty without trailing slash)
Example: "/mnt/usb"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.neededForBootIf set, this file system will be mounted in the initial ramdisk.
Note that the file system will always be mounted in the initial
ramdisk if its mount point is one of the following:
/, /nix, /nix/store, /var, /var/log, /var/lib, /var/lib/nixos, /etc, /usr.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
fileSystems.<name>.noCheckDisable running fsck on this filesystem.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fileSystems.<name>.optionsOptions used to mount the file system.
Type: list of string (with check: non-empty)
Default:
[ "defaults" ]
Example:
[ "data=journal" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
fonts.enableDefaultFontsEnable a basic set of fonts providing several font styles and families and reasonable coverage of Unicode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fonts.nix>
|
fonts.enableGhostscriptFontsWhether to add the fonts provided by Ghostscript (such as various URW fonts and the “Base-14” Postscript fonts) to the list of system fonts, making them available to X11 applications.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/fonts/ghostscript.nix>
|
fonts.fontDir.enableWhether to create a directory with links to all fonts in
/run/current-system/sw/share/X11/fonts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontdir.nix>
|
fonts.fontDir.decompressFontsWhether to decompress fonts in
/run/current-system/sw/share/X11/fonts.
Type: boolean
Default: config.programs.xwayland.enable
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontdir.nix>
|
fonts.fontconfig.enableIf enabled, a Fontconfig configuration file will be built pointing to a set of default fonts. If you don't care about running X11 applications or any other program that uses Fontconfig, you can turn this option off and prevent a dependency on all those fonts.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.allowBitmapsAllow bitmap fonts. Set to false to ban all
bitmap fonts.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.allowType1Allow Type-1 fonts. Default is false because of
poor rendering.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.antialiasEnable font antialiasing. At high resolution (> 200 DPI), antialiasing has no visible effect; users of such displays may want to disable this option.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.cache32BitGenerate system fonts cache for 32-bit applications.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.defaultFonts.emojiSystem-wide default emoji font(s). Multiple fonts may be listed in case a font does not support all emoji.
Note that fontconfig matches color emoji fonts preferentially, so if you want to use a black and white font while having a color font installed (eg. Noto Color Emoji installed alongside Noto Emoji), fontconfig will still choose the color font even when it is later in the list.
Type: list of string
Default:
[ "Noto Color Emoji" ]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.defaultFonts.monospaceSystem-wide default monospace font(s). Multiple fonts may be listed in case multiple languages must be supported.
Type: list of string
Default:
[ "DejaVu Sans Mono" ]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.defaultFonts.sansSerifSystem-wide default sans serif font(s). Multiple fonts may be listed in case multiple languages must be supported.
Type: list of string
Default:
[ "DejaVu Sans" ]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.defaultFonts.serifSystem-wide default serif font(s). Multiple fonts may be listed in case multiple languages must be supported.
Type: list of string
Default:
[ "DejaVu Serif" ]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.hinting.enableEnable font hinting. Hinting aligns glyphs to pixel boundaries to improve rendering sharpness at low resolution. At high resolution (> 200 dpi) hinting will do nothing (at best); users of such displays may want to disable this option.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.hinting.autohintEnable the autohinter in place of the default interpreter. The results are usually lower quality than correctly-hinted fonts, but better than unhinted fonts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.hinting.styleHintstyle is the amount of font reshaping done to line up to the grid.
hintslight will make the font more fuzzy to line up to the grid but will be better in retaining font shape, while hintfull will be a crisp font that aligns well to the pixel grid but will lose a greater amount of font shape.
Type: one of "hintnone", "hintslight", "hintmedium", "hintfull"
Default: "hintslight"
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.includeUserConfInclude the user configuration from
~/.config/fontconfig/fonts.conf or
~/.config/fontconfig/conf.d.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.localConfSystem-wide customization file contents, has higher priority than
defaultFonts settings.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.subpixel.lcdfilterFreeType LCD filter. At high resolution (> 200 DPI), LCD filtering
has no visible effect; users of such displays may want to select
none.
Type: one of "none", "default", "light", "legacy"
Default: "default"
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.subpixel.rgbaSubpixel order. The overwhelming majority of displays are
rgb in their normal orientation. Select
vrgb for mounting such a display 90 degrees
clockwise from its normal orientation or vbgr
for mounting 90 degrees counter-clockwise. Select
bgr in the unlikely event of mounting 180
degrees from the normal orientation. Reverse these directions in
the improbable event that the display's native subpixel order is
bgr.
Type: one of "rgb", "bgr", "vrgb", "vbgr", "none"
Default: "rgb"
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontconfig.useEmbeddedBitmapsUse embedded bitmaps in fonts like Calibri.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/fonts/fontconfig.nix>
|
fonts.fontsList of primary font paths.
Type: list of path
Default: [ ]
Example: [ pkgs.dejavu_fonts ]
Declared by:
<nixpkgs/nixos/modules/config/fonts/fonts.nix>
|
gnuWhen enabled, GNU software is chosen by default whenever a there is a choice between GNU and non-GNU software (e.g., GNU lsh vs. OpenSSH).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/gnu.nix>
|
gtk.iconCache.enableWhether to build icon theme caches for GTK applications.
Type: boolean
Default: config.services.xserver.enable
Declared by:
<nixpkgs/nixos/modules/config/gtk/gtk-icon-cache.nix>
|
hardware.enableAllFirmwareTurn on this option if you want to enable all the firmware.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/all-firmware.nix>
|
hardware.enableRedistributableFirmwareTurn on this option if you want to enable all the firmware with a license allowing redistribution.
Type: boolean
Default: config.hardware.enableAllFirmware
Declared by:
<nixpkgs/nixos/modules/hardware/all-firmware.nix>
|
hardware.acpilight.enableEnable acpilight. This will allow brightness control via xbacklight from users in the video group
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/acpilight.nix>
|
hardware.bladeRF.enableEnables udev rules for BladeRF devices. By default grants access to users in the "bladerf" group. You may want to install the libbladeRF package.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/bladeRF.nix>
|
hardware.bluetooth.enableWhether to enable support for Bluetooth.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.bluetooth.packageWhich BlueZ package to use.
Type: package
Default: pkgs.bluez
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.bluetooth.disabledPluginsBuilt-in plugins to disable
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.bluetooth.hsphfpd.enableWhether to enable support for hsphfpd[-prototype] implementation.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.bluetooth.powerOnBootWhether to power up the default Bluetooth controller on boot.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.bluetooth.settingsSet configuration for system-wide bluetooth (/etc/bluetooth/main.conf).
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Example:
{
General = {
ControllerMode = "bredr";
};
}Declared by:
<nixpkgs/nixos/modules/services/hardware/bluetooth.nix>
|
hardware.brillo.enableWhether to enable brillo in userspace. This will allow brightness control from users in the video group .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/brillo.nix>
|
hardware.bumblebee.enableEnable the bumblebee daemon to manage Optimus hybrid video cards. This should power off secondary GPU until its use is requested by running an application with optirun.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
|
hardware.bumblebee.connectDisplaySet to true if you intend to connect your discrete card to a monitor. This option will set up your Nvidia card for EDID discovery and to turn on the monitor signal.
Only nvidia driver is supported so far.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
|
hardware.bumblebee.driverSet driver used by bumblebeed. Supported are nouveau and nvidia.
Type: one of "nvidia", "nouveau"
Default: "nvidia"
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
|
hardware.bumblebee.groupGroup for bumblebee socket
Type: string
Default: "wheel"
Example: "video"
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
|
hardware.bumblebee.pmMethodSet preferred power management method for unused card.
Type: one of "auto", "bbswitch", "switcheroo", "none"
Default: "auto"
Declared by:
<nixpkgs/nixos/modules/hardware/video/bumblebee.nix>
|
hardware.ckb-next.enableWhether to enable the Corsair keyboard/mouse driver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/ckb-next.nix>
|
hardware.ckb-next.packageThe package implementing the Corsair keyboard/mouse driver.
Type: package
Default: pkgs.ckb-next
Declared by:
<nixpkgs/nixos/modules/hardware/ckb-next.nix>
|
hardware.ckb-next.gidLimit access to the ckb daemon to a particular group.
Type: null or signed integer
Default: null
Example: 100
Declared by:
<nixpkgs/nixos/modules/hardware/ckb-next.nix>
|
hardware.cpu.amd.sev.enableWhether to enable access to the AMD SEV device.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
|
hardware.cpu.amd.sev.groupGroup to assign to the SEV device.
Type: string
Default: "sev"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
|
hardware.cpu.amd.sev.modeMode to set for the SEV device.
Type: string
Default: "0660"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
|
hardware.cpu.amd.sev.userOwner to assign to the SEV device.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-sev.nix>
|
hardware.cpu.amd.updateMicrocodeUpdate the CPU microcode for AMD processors.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/amd-microcode.nix>
|
hardware.cpu.intel.sgx.enableDcapCompatWhether to enable backward compatibility for SGX software build for the out-of-tree Intel SGX DCAP driver.
Creates symbolic links for the SGX devices /dev/sgx_enclave
and /dev/sgx_provision to make them available as
/dev/sgx/enclave and /dev/sgx/provision,
respectively.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix>
|
hardware.cpu.intel.sgx.provision.enableWhether to enable access to the Intel SGX provisioning device.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix>
|
hardware.cpu.intel.sgx.provision.groupGroup to assign to the SGX provisioning device.
Type: string
Default: "sgx_prv"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix>
|
hardware.cpu.intel.sgx.provision.modeMode to set for the SGX provisioning device.
Type: string
Default: "0660"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix>
|
hardware.cpu.intel.sgx.provision.userOwner to assign to the SGX provisioning device.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/intel-sgx.nix>
|
hardware.cpu.intel.updateMicrocodeUpdate the CPU microcode for Intel processors.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/cpu/intel-microcode.nix>
|
hardware.deviceTree.enableBuild device tree files. These are used to describe the non-discoverable hardware of a system.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.filterOnly include .dtb files matching glob expression.
Type: null or string
Default: null
Example: "*rpi*.dtb"
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.kernelPackageKernel package containing the base device-tree (.dtb) to boot. Uses device trees bundled with the Linux kernel by default.
Type: path
Default: config.boot.kernelPackages.kernel
Example: pkgs.linux_latest
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.nameThe name of an explicit dtb to be loaded, relative to the dtb base. Useful in extlinux scenarios if the bootloader doesn't pick the right .dtb file from FDTDIR.
Type: null or string
Default: null
Example: "some-dtb.dtb"
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.overlaysList of overlays to apply to base device-tree (.dtb) files.
Type: list of ((submodule) or path convertible to it)
Default: [ ]
Example:
[
{ name = "pps"; dtsFile = ./dts/pps.dts; }
{ name = "spi";
dtsText = "...";
}
{ name = "precompiled"; dtboFile = ./dtbos/example.dtbo; }
]
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.overlays.*.dtboFilePath to .dtbo compiled overlay file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.overlays.*.dtsFilePath to .dts overlay file, overlay is applied to each .dtb file matching "compatible" of the overlay.
Type: null or path
Default: null
Example: ./dts/overlays.dts
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.overlays.*.dtsTextLiteral DTS contents, overlay is applied to each .dtb file matching "compatible" of the overlay.
Type: null or string
Default: null
Example:
''
/dts-v1/;
/plugin/;
/ {
compatible = "raspberrypi";
};
&{/soc} {
pps {
compatible = "pps-gpio";
status = "okay";
};
};
''Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.overlays.*.filterOnly apply to .dtb files matching glob expression.
Type: null or string
Default: null
Example: "*rpi*.dtb"
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.deviceTree.overlays.*.nameName of this overlay
Type: string
Declared by:
<nixpkgs/nixos/modules/hardware/device-tree.nix>
|
hardware.digitalbitbox.enableEnables udev rules for Digital Bitbox devices.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/digitalbitbox.nix>
|
hardware.digitalbitbox.packageThe Digital Bitbox package to use. This can be used to install a package with udev rules that differ from the defaults.
Type: package
Default: pkgs.digitalbitbox
Declared by:
<nixpkgs/nixos/modules/hardware/digitalbitbox.nix>
|
hardware.facetimehd.enableWhether to enable facetimehd kernel module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/video/webcam/facetimehd.nix>
|
hardware.facetimehd.withCalibrationWhether to include sensor calibration files for facetimehd. This makes colors look much better but is experimental, see https://github.com/patjak/facetimehd/wiki/Extracting-the-sensor-calibration-files for details.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/video/webcam/facetimehd.nix>
|
hardware.fancontrol.enableWhether to enable software fan control (requires fancontrol.config).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/fancontrol.nix>
|
hardware.fancontrol.configRequired fancontrol configuration file content. See pwmconfig(8) from the lm_sensors package.
Type: strings concatenated with "\n"
Example:
'' # Configuration file generated by pwmconfig INTERVAL=10 DEVPATH=hwmon3=devices/virtual/thermal/thermal_zone2 hwmon4=devices/platform/f71882fg.656 DEVNAME=hwmon3=soc_dts1 hwmon4=f71869a FCTEMPS=hwmon4/device/pwm1=hwmon3/temp1_input FCFANS=hwmon4/device/pwm1=hwmon4/device/fan1_input MINTEMP=hwmon4/device/pwm1=35 MAXTEMP=hwmon4/device/pwm1=65 MINSTART=hwmon4/device/pwm1=150 MINSTOP=hwmon4/device/pwm1=0 ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/fancontrol.nix>
|
hardware.firmwareList of packages containing firmware files. Such files will be loaded automatically if the kernel asks for them (i.e., when it has detected specific hardware that requires firmware to function). If multiple packages contain firmware files with the same name, the first package in the list takes precedence. Note that you must rebuild your system if you add files to any of these directories.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
hardware.flirc.enableWhether to enable software to configure a Flirc USB device.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/flirc.nix>
|
hardware.gkraken.enableWhether to enable gkraken's udev rules for NZXT AIO liquid coolers.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/gkraken.nix>
|
hardware.gpgSmartcards.enableWhether to enable udev rules for gnupg smart cards.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/gpgsmartcards.nix>
|
hardware.hackrf.enableEnables hackrf udev rules and ensures 'plugdev' group exists. This is a prerequisite to using HackRF devices without being root, since HackRF USB descriptors will be owned by plugdev through udev.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/hackrf.nix>
|
hardware.i2c.enableWhether to enable i2c devices support. By default access is granted to users in the "i2c" group (will be created if non-existent) and any user with a seat, meaning logged on the computer locally. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/i2c.nix>
|
hardware.i2c.groupGrant access to i2c devices (/dev/i2c-*) to users in this group.
Type: string
Default: "i2c"
Declared by:
<nixpkgs/nixos/modules/hardware/i2c.nix>
|
hardware.keyboard.teck.enableWhether to enable non-root access to the firmware of TECK keyboards.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/keyboard/teck.nix>
|
hardware.keyboard.uhk.enableWhether to enable non-root access to the firmware of UHK keyboards. You need it when you want to flash a new firmware on the keyboard. Access to the keyboard is granted to users in the "input" group. You may want to install the uhk-agent package. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/keyboard/uhk.nix>
|
hardware.keyboard.zsa.enableEnables udev rules for keyboards from ZSA like the ErgoDox EZ, Planck EZ and Moonlander Mark I. You need it when you want to flash a new configuration on the keyboard or use their live training in the browser. You may want to install the wally-cli package.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/keyboard/zsa.nix>
|
hardware.ksm.enableWhether to enable Kernel Same-Page Merging.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/ksm.nix>
|
hardware.ksm.sleepHow many milliseconds ksmd should sleep between scans.
Setting it to null uses the kernel's default time.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/hardware/ksm.nix>
|
hardware.ledger.enableWhether to enable udev rules for Ledger devices.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/ledger.nix>
|
hardware.logitech.lcd.enableWhether to enable Logitech LCD Devices.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/logitech.nix>
|
hardware.logitech.lcd.devicesList of USB device ids supported by g15daemon.
You most likely do not need to change this.
Type: list of string
Default:
[ "0a07" "c222" "c225" "c227" "c251" ]
Declared by:
<nixpkgs/nixos/modules/hardware/logitech.nix>
|
hardware.logitech.lcd.startWhenNeededOnly run the service when an actual supported device is plugged.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/hardware/logitech.nix>
|
hardware.logitech.wireless.enableWhether to enable Logitech Wireless Devices.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/logitech.nix>
|
hardware.logitech.wireless.enableGraphicalEnable graphical support applications.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/logitech.nix>
|
hardware.mcelog.enableEnable the Machine Check Exception logger.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/mcelog.nix>
|
hardware.mwProCapture.enableWhether to enable Magewell Pro Capture family kernel module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/video/capture/mwprocapture.nix>
|
hardware.new-lg4ff.enableEnables improved Linux module drivers for Logitech driving wheels. This will replace the existing in-kernel hid-logitech modules. Works most notably on the Logitech G25, G27, G29 and Driving Force (GT).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/new-lg4ff.nix>
|
hardware.nitrokey.enableEnables udev rules for Nitrokey devices. By default grants access to users in the "nitrokey" group. You may want to install the nitrokey-app package, depending on your device and needs.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/nitrokey.nix>
|
hardware.nvidia.packageThe NVIDIA X11 derivation to use.
Type: package
Default: config.boot.kernelPackages.nvidiaPackages.stable
Example: config.boot.kernelPackages.nvidiaPackages.legacy_340
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.forceFullCompositionPipelineWhether to force-enable the full composition pipeline. This sometimes fixes screen tearing issues. This has been reported to reduce the performance of some OpenGL applications and may produce issues in WebGL. It also drastically increases the time the driver needs to clock down after load.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.modesetting.enableEnable kernel modesetting when using the NVIDIA proprietary driver.
Enabling this fixes screen tearing when using Optimus via PRIME (see
hardware.nvidia.prime.sync.enable. This is not enabled
by default because it is not officially supported by NVIDIA and would not
work with SLI.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.nvidiaPersistencedUpdate for NVIDA GPU headless mode, i.e. nvidia-persistenced. It ensures all GPUs stay awake even during headless mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.nvidiaSettingsWhether to add nvidia-settings, NVIDIA's GUI configuration tool, to systemPackages.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.openWhether to use the open source kernel module
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.powerManagement.enableExperimental power management through systemd. For more information, see the NVIDIA docs, on Chapter 21. Configuring Power Management Support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.powerManagement.finegrainedExperimental power management of PRIME offload. For more information, see the NVIDIA docs, chapter 22. PCI-Express runtime power management.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.prime.amdgpuBusIdBus ID of the AMD APU. You can find it using lspci; for example if lspci shows the AMD APU at "04:00.0", set this option to "PCI:4:0:0".
Type: string matching the pattern ([[:print:]]+[:@][0-9]{1,3}:[0-9]{1,2}:[0-9])?
Default: ""
Example: "PCI:4:0:0"
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.prime.intelBusIdBus ID of the Intel GPU. You can find it using lspci; for example if lspci shows the Intel GPU at "00:02.0", set this option to "PCI:0:2:0".
Type: string matching the pattern ([[:print:]]+[:@][0-9]{1,3}:[0-9]{1,2}:[0-9])?
Default: ""
Example: "PCI:0:2:0"
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.prime.nvidiaBusIdBus ID of the NVIDIA GPU. You can find it using lspci; for example if lspci shows the NVIDIA GPU at "01:00.0", set this option to "PCI:1:0:0".
Type: string matching the pattern ([[:print:]]+[:@][0-9]{1,3}:[0-9]{1,2}:[0-9])?
Default: ""
Example: "PCI:1:0:0"
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.prime.offload.enableEnable render offload support using the NVIDIA proprietary driver via PRIME.
If this is enabled, then the bus IDs of the NVIDIA and Intel GPUs have to be
specified (hardware.nvidia.prime.nvidiaBusId and
hardware.nvidia.prime.intelBusId).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.prime.sync.enableEnable NVIDIA Optimus support using the NVIDIA proprietary driver via PRIME. If enabled, the NVIDIA GPU will be always on and used for all rendering, while enabling output to displays attached only to the integrated Intel GPU without a multiplexer.
Note that this option only has any effect if the "nvidia" driver is specified
in services.xserver.videoDrivers, and it should preferably
be the only driver there.
If this is enabled, then the bus IDs of the NVIDIA and Intel GPUs have to be
specified (hardware.nvidia.prime.nvidiaBusId and
hardware.nvidia.prime.intelBusId).
If you enable this, you may want to also enable kernel modesetting for the
NVIDIA driver (hardware.nvidia.modesetting.enable) in order
to prevent tearing.
Note that this configuration will only be successful when a display manager
for which the services.xserver.displayManager.setupCommands
option is supported is used.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidia.prime.sync.allowExternalGpuConfigure X to allow external NVIDIA GPUs when using optimus.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/nvidia.nix>
|
hardware.nvidiaOptimus.disableCompletely disable the NVIDIA graphics card and use the integrated graphics processor instead.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/nvidia-optimus.nix>
|
hardware.onlykey.enableEnable OnlyKey device (https://crp.to/p/) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/onlykey/default.nix>
|
hardware.opengl.enableWhether to enable OpenGL drivers. This is needed to enable OpenGL support in X11 systems, as well as for Wayland compositors like sway and Weston. It is enabled by default by the corresponding modules, so you do not usually have to set it yourself, only if there is no module for your wayland compositor of choice. See services.xserver.enable and programs.sway.enable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
|
hardware.opengl.driSupportWhether to enable accelerated OpenGL rendering through the Direct Rendering Interface (DRI).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
|
hardware.opengl.driSupport32BitOn 64-bit systems, whether to support Direct Rendering for
32-bit applications (such as Wine). This is currently only
supported for the nvidia as well as
Mesa.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
|
hardware.opengl.extraPackagesAdditional packages to add to OpenGL drivers. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.
Type: list of package
Default: [ ]
Example: with pkgs; [ vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
|
hardware.opengl.extraPackages32Additional packages to add to 32-bit OpenGL drivers on
64-bit systems. Used when driSupport32Bit is
set. This can be used to add OpenCL drivers, VA-API/VDPAU drivers etc.
Type: list of package
Default: [ ]
Example: with pkgs.pkgsi686Linux; [ vaapiIntel libvdpau-va-gl vaapiVdpau ]
Declared by:
<nixpkgs/nixos/modules/hardware/opengl.nix>
|
hardware.openrazer.enableWhether to enable OpenRazer drivers and userspace daemon. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
|
hardware.openrazer.devicesOffOnScreensaverTurn off the devices when the systems screensaver kicks in.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
|
hardware.openrazer.keyStatisticsCollects number of keypresses per hour per key used to generate a heatmap.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
|
hardware.openrazer.mouseBatteryNotifierMouse battery notifier.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
|
hardware.openrazer.syncEffectsEnabledSet the sync effects flag to true so any assignment of effects will work across devices.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
|
hardware.openrazer.usersUsernames to be added to the "openrazer" group, so that they can start and interact with the OpenRazer userspace daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
|
hardware.openrazer.verboseLoggingWhether to enable verbose logging. Logs debug messages.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/openrazer.nix>
|
hardware.opentabletdriver.enableEnable OpenTabletDriver udev rules, user service and blacklist kernel modules known to conflict with OpenTabletDriver.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/opentabletdriver.nix>
|
hardware.opentabletdriver.packageOpenTabletDriver derivation to use.
Type: package
Default: pkgs.opentabletdriver
Declared by:
<nixpkgs/nixos/modules/hardware/opentabletdriver.nix>
|
hardware.opentabletdriver.blacklistedKernelModulesBlacklist of kernel modules known to conflict with OpenTabletDriver.
Type: list of string
Default:
[ "hid-uclogic" "wacom" ]
Declared by:
<nixpkgs/nixos/modules/hardware/opentabletdriver.nix>
|
hardware.opentabletdriver.daemon.enableWhether to start OpenTabletDriver daemon as a systemd user service.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/hardware/opentabletdriver.nix>
|
hardware.parallels.enableThis enables Parallels Tools for Linux guests, along with provided video, mouse and other hardware drivers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/parallels-guest.nix>
|
hardware.parallels.packageDefines which package to use for prl-tools. Override to change the version.
Type: null or package
Default: "config.boot.kernelPackages.prl-tools"
Example: config.boot.kernelPackages.prl-tools
Declared by:
<nixpkgs/nixos/modules/virtualisation/parallels-guest.nix>
|
hardware.parallels.autoMountSharesControl prlfsmountd service. When this service is running, shares can not be manually
mounted through mount -t prl_fs ... as this service will remount and trample any set options.
Recommended to enable for simple file sharing, but extended share use such as for code should
disable this to manually mount shares.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/parallels-guest.nix>
|
hardware.pcmcia.enableEnable this option to support PCMCIA card.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/pcmcia.nix>
|
hardware.pcmcia.configPath to the configuration file which maps the memory, IRQs and ports used by the PCMCIA hardware.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/hardware/pcmcia.nix>
|
hardware.pcmcia.firmwareList of firmware used to handle specific PCMCIA card.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/hardware/pcmcia.nix>
|
hardware.printers.ensureDefaultPrinterEnsures the named printer is the default CUPS printer / printer queue.
Type: null or printable string without spaces, # and /
Default: null
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
|
hardware.printers.ensurePrintersWill regularly ensure that the given CUPS printers are configured as declared here. If a printer's options are manually changed afterwards, they will be overwritten eventually. This option will never delete any printer, even if removed from this list. You can check existing printers with lpstat -s and remove printers with lpadmin -x <printer-name>. Printers not listed here can still be manually configured.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
|
hardware.printers.ensurePrinters.*.descriptionOptional human-readable description.
Type: null or string
Default: null
Example: "Brother HL-5140"
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
|
hardware.printers.ensurePrinters.*.deviceUriHow to reach the printer. lpinfo -v shows a list of supported device URIs and schemes.
Type: string
Example:
"ipp://printserver.local/printers/BrotherHL_Workroom" "usb://HP/DESKJET%20940C?serial=CN16E6C364BH"
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
|
hardware.printers.ensurePrinters.*.locationOptional human-readable location.
Type: null or string
Default: null
Example: "Workroom"
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
|
hardware.printers.ensurePrinters.*.modelLocation of the ppd driver file for the printer. lpinfo -m shows a list of supported models.
Type: string
Example:
"gutenprint.${lib.versions.majorMinor (lib.getVersion pkgs.gutenprint)}://brother-hl-5140/expert"
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
|
hardware.printers.ensurePrinters.*.nameName of the printer / printer queue. May contain any printable characters except "/", "#", and space.
Type: printable string without spaces, # and /
Example: "BrotherHL_Workroom"
Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
|
hardware.printers.ensurePrinters.*.ppdOptionsSets PPD options for the printer. lpoptions [-p printername] -l shows supported PPD options for the given printer.
Type: attribute set of string
Default: { }
Example:
{
Duplex = "DuplexNoTumble";
PageSize = "A4";
}Declared by:
<nixpkgs/nixos/modules/hardware/printers.nix>
|
hardware.pulseaudio.enableWhether to enable the PulseAudio sound server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.packageThe PulseAudio derivation to use. This can be used to enable
features (such as JACK support, Bluetooth) via the
pulseaudioFull package.
Type: package
Default: pkgs.pulseaudio
Example: pkgs.pulseaudioFull
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.configFileThe path to the default configuration options the PulseAudio server should use. By default, the "default.pa" configuration from the PulseAudio distribution is used.
Type: null or path
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.daemon.configConfig of the pulse daemon. See man pulse-daemon.conf.
Type: attribute set of unspecified value
Default: { }
Example: { realtime-scheduling = "yes"; }
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.daemon.logLevelThe log level that the system-wide pulseaudio daemon should use, if activated.
Type: string
Default: "notice"
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.extraClientConfExtra configuration appended to pulse/client.conf file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.extraConfigLiteral string to append to configFile
and the config file generated by the pulseaudio module.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.extraModulesExtra pulseaudio modules to use. This is intended for out-of-tree pulseaudio modules like extra bluetooth codecs.
Extra modules take precedence over built-in pulseaudio modules.
Type: list of package
Default: [ ]
Example: [ pkgs.pulseaudio-modules-bt ]
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.support32BitWhether to include the 32-bit pulseaudio libraries in the system or not. This is only useful on 64-bit systems and currently limited to x86_64-linux.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.systemWideIf false, a PulseAudio server is launched automatically for each user that tries to use the sound system. The server runs with user privileges. If true, one system-wide PulseAudio server is launched on boot, running as the user "pulse", and only users in the "pulse-access" group will have access to the server. Please read the PulseAudio documentation for more details.
Don't enable this option unless you know what you are doing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.tcp.enableWhether to enable tcp streaming support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.tcp.anonymousClients.allowAllWhether to enable all anonymous clients to stream to the server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.tcp.anonymousClients.allowedIpRangesA list of IP subnets that are allowed to stream to the server.
Type: list of string
Default: [ ]
Example: [ "127.0.0.1" "192.168.1.0/24" ]
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.zeroconf.discovery.enableWhether to enable discovery of pulseaudio sinks in the local network.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.pulseaudio.zeroconf.publish.enableWhether to enable publishing the pulseaudio sink in the local network.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/pulseaudio.nix>
|
hardware.raid.HPSmartArray.enableWhether to enable HP Smart Array kernel modules and CLI utility.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/raid/hpsa.nix>
|
hardware.rasdaemon.enableWhether to enable RAS logging daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
|
hardware.rasdaemon.configrasdaemon configuration, currently only used for CE PFA for details, read rasdaemon.outPath/etc/sysconfig/rasdaemon's comments
Type: strings concatenated with "\n"
Default: ""
Example:
'' # defaults from included config PAGE_CE_REFRESH_CYCLE="24h" PAGE_CE_THRESHOLD="50" PAGE_CE_ACTION="soft" ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
|
hardware.rasdaemon.extraModulesextra kernel modules to load
Type: list of string
Default: [ ]
Example:
[ "i7core_edac" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
|
hardware.rasdaemon.labelsAdditional memory module label descriptions to be placed in /etc/ras/dimm_labels.d/labels
Type: strings concatenated with "\n"
Default: ""
Example:
''
# vendor and model may be shown by 'ras-mc-ctl --mainboard'
vendor: ASRock
product: To Be Filled By O.E.M.
model: B450M Pro4
# these labels are names for the motherboard slots
# the numbers may be shown by `ras-mc-ctl --error-count`
# they are mc:csrow:channel
DDR4_A1: 0.2.0; DDR4_B1: 0.2.1;
DDR4_A2: 0.3.0; DDR4_B2: 0.3.1;
''Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
|
hardware.rasdaemon.mainboardCustom mainboard description, see ras-mc-ctl(8) for more details.
Type: strings concatenated with "\n"
Default: ""
Example:
'' vendor = ASRock model = B450M Pro4 # it should default to such values from # /sys/class/dmi/id/board_[vendor|name] # alternatively one can supply a script # that returns the same format as above script = <path to script> ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
|
hardware.rasdaemon.recordrecord events via sqlite3, required for ras-mc-ctl
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
|
hardware.rasdaemon.testingWhether to enable error injection infrastructure.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/rasdaemon.nix>
|
hardware.rtl-sdr.enableEnables rtl-sdr udev rules, ensures 'plugdev' group exists, and blacklists DVB kernel modules. This is a prerequisite to using devices supported by rtl-sdr without being root, since rtl-sdr USB descriptors will be owned by plugdev through udev.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/rtl-sdr.nix>
|
hardware.saleae-logic.enableWhether to enable udev rules for Saleae Logic devices.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/saleae-logic.nix>
|
hardware.saleae-logic.packageSaleae Logic package to use.
Type: package
Default: pkgs.saleae-logic-2
Declared by:
<nixpkgs/nixos/modules/hardware/saleae-logic.nix>
|
hardware.sane.enableEnable support for SANE scanners.
Users in the "scanner" group will gain access to the scanner, or the "lp" group if it's also a printer.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.brscan4.enableWhen enabled, will automatically register the "brscan4" sane backend and bring configuration files to their expected location.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.brscan4.netDevicesThe list of network devices that will be registered against the brscan4 sane backend.
Type: attribute set of (submodule)
Default: { }
Example:
{
office1 = {
ip = "192.168.1.2";
model = "MFC-7860DW";
};
office2 = {
model = "MFC-7860DW";
nodename = "BRW0080927AFBCE";
};
}Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.brscan4.netDevices.<name>.ipThe ip address of the device. If undefined, you will have to provide a nodename.
Type: null or string
Default: null
Example: "192.168.1.2"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.brscan4.netDevices.<name>.modelThe model of the network device.
Type: string
Example: "MFC-7860DW"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.brscan4.netDevices.<name>.nameThe friendly name you give to the network device. If undefined, the name of attribute will be used.
Type: string
Example: "office1"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.brscan4.netDevices.<name>.nodenameThe node name of the device. If undefined, you will have to provide an ip.
Type: null or string
Default: null
Example: "BRW0080927AFBCE"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix>
|
hardware.sane.brscan5.enableWhether to enable the Brother brscan5 sane backend.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
|
hardware.sane.brscan5.netDevicesThe list of network devices that will be registered against the brscan5 sane backend.
Type: attribute set of (submodule)
Default: { }
Example:
{
office1 = {
ip = "192.168.1.2";
model = "MFC-7860DW";
};
office2 = {
model = "MFC-7860DW";
nodename = "BRW0080927AFBCE";
};
}Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
|
hardware.sane.brscan5.netDevices.<name>.ipThe ip address of the device. If undefined, you will have to provide a nodename.
Type: null or string
Default: null
Example: "192.168.1.2"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
|
hardware.sane.brscan5.netDevices.<name>.modelThe model of the network device.
Type: string
Example: "ADS-1200"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
|
hardware.sane.brscan5.netDevices.<name>.nameThe friendly name you give to the network device. If undefined, the name of attribute will be used.
Type: string
Example: "office1"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
|
hardware.sane.brscan5.netDevices.<name>.nodenameThe node name of the device. If undefined, you will have to provide an ip.
Type: null or string
Default: null
Example: "BRW0080927AFBCE"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan5.nix>
|
hardware.sane.disabledDefaultBackendsNames of backends which are enabled by default but should be disabled.
See $SANE_CONFIG_DIR/dll.conf for the list of possible names.
Type: list of string
Default: [ ]
Example:
[ "v4l" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.drivers.scanSnap.enableWhether to enable drivers for the Fujitsu ScanSnap scanners.
The driver files are unfree and extracted from the Windows driver image.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.drivers.scanSnap.packageEpjitsu driver package to use. Useful if you want to extract the driver files yourself.
The process is described in the /etc/sane.d/epjitsu.conf file in
the sane-backends package.
Type: package
Default: pkgs.sane-drivers.epjitsu
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.dsseries.enableWhen enabled, will automatically register the "dsseries" SANE backend.
This supports the Brother DSmobile scanner series, including the DS-620, DS-720D, DS-820W, and DS-920DW scanners.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane_extra_backends/dsseries.nix>
|
hardware.sane.extraBackendsPackages providing extra SANE backends to enable.
The example contains the package for HP scanners, and the package for Apple AirScan and Microsoft WSD support (supports many vendors/devices).
Type: list of path
Default: [ ]
Example: [ pkgs.hplipWithPlugin pkgs.sane-airscan ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.netConfNetwork hosts that should be probed for remote scanners.
Type: strings concatenated with "\n"
Default: ""
Example: "192.168.0.16"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.openFirewallOpen ports needed for discovery of scanners on the local network, e.g. needed for Canon scanners (BJNP protocol).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sane.snapshotUse a development snapshot of SANE scanner drivers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
hardware.sata.timeout.enableWhether to enable SATA drive timeouts.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/sata.nix>
|
hardware.sata.timeout.deciSecondsSet SCT Error Recovery Control timeout in deciseconds for use in RAID configurations.
Values are as follows: 0 = disable SCT ERT 70 = default in consumer drives (7 seconds)
Maximum is disk dependant but probably 60 seconds.
Type: signed integer
Example: 70
Declared by:
<nixpkgs/nixos/modules/hardware/sata.nix>
|
hardware.sata.timeout.drivesList of drives for which to configure the timeout.
Type: list of (submodule)
Declared by:
<nixpkgs/nixos/modules/hardware/sata.nix>
|
hardware.sata.timeout.drives.*.idByThe method to identify the drive.
Type: one of "path", "wwn"
Default: "path"
Declared by:
<nixpkgs/nixos/modules/hardware/sata.nix>
|
hardware.sata.timeout.drives.*.nameDrive name without the full path.
Type: string
Declared by:
<nixpkgs/nixos/modules/hardware/sata.nix>
|
hardware.sensor.hddtemp.enableEnable this option to support HDD/SSD temperature sensors.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
|
hardware.sensor.hddtemp.dbEntriesAdditional DB entries
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
|
hardware.sensor.hddtemp.drivesList of drives to monitor. If you pass /dev/disk/by-path/* entries the symlinks will be resolved as hddtemp doesn't like names with colons.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
|
hardware.sensor.hddtemp.extraArgsAdditional arguments passed to the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
|
hardware.sensor.hddtemp.unitCelcius or Fahrenheit
Type: one of "C", "F"
Default: "C"
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/hddtemp.nix>
|
hardware.sensor.iio.enableEnable this option to support IIO sensors with iio-sensor-proxy.
IIO sensors are used for orientation and ambient light sensors on some mobile devices.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/sensor/iio.nix>
|
hardware.spacenavd.enableWhether to enable spacenavd to support 3DConnexion devices.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/spacenavd.nix>
|
hardware.steam-hardware.enableEnable udev rules for Steam hardware such as the Steam Controller, other supported controllers and the HTC Vive
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/steam-hardware.nix>
|
hardware.system76.enableAllWhether to enable all recommended configuration for system76 systems.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/system-76.nix>
|
hardware.system76.firmware-daemon.enableWhether to enable the system76 firmware daemon
Type: boolean
Default: config.hardware.system76.enableAll
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/system-76.nix>
|
hardware.system76.kernel-modules.enableWhether to make the system76 out-of-tree kernel modules available
Type: boolean
Default: config.hardware.system76.enableAll
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/system-76.nix>
|
hardware.system76.power-daemon.enableWhether to enable the system76 power daemon
Type: boolean
Default: config.hardware.system76.enableAll
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/system-76.nix>
|
hardware.trackpoint.enableEnable sensitivity and speed configuration for trackpoints.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.trackpoint.deviceThe device name of the trackpoint. You can check with xinput. Some newer devices (example x1c6) use "TPPS/2 Elan TrackPoint".
Type: string
Default: "TPPS/2 IBM TrackPoint"
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.trackpoint.emulateWheelEnable scrolling while holding the middle mouse button.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.trackpoint.fakeButtonsSwitch to "bare" PS/2 mouse support in case Trackpoint buttons are not recognized properly. This can happen for example on models like the L430, T450, T450s, on which the Trackpoint buttons are actually a part of the Synaptics touchpad.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.trackpoint.sensitivityConfigure the trackpoint sensitivity. By default, the kernel configures 128.
Type: signed integer
Default: 128
Example: 255
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.trackpoint.speedConfigure the trackpoint speed. By default, the kernel configures 97.
Type: signed integer
Default: 97
Example: 255
Declared by:
<nixpkgs/nixos/modules/tasks/trackpoint.nix>
|
hardware.tuxedo-keyboard.enableWhether to enable Enables the tuxedo-keyboard driver.
To configure the driver, pass the options to the boot.kernelParams configuration.
There are several parameters you can change. It's best to check at the source code description which options are supported.
You can find all the supported parameters at: https://github.com/tuxedocomputers/tuxedo-keyboard#kernelparam
In order to use the custom lighting with the maximumg brightness and a color of 0xff0a0a one would put pass boot.kernelParams like this:
boot.kernelParams = [ "tuxedo_keyboard.mode=0" "tuxedo_keyboard.brightness=255" "tuxedo_keyboard.color_left=0xff0a0a" ];
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/tuxedo-keyboard.nix>
|
hardware.ubertooth.enableWhether to enable Ubertooth software and its udev rules.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/ubertooth.nix>
|
hardware.ubertooth.groupGroup for Ubertooth's udev rules.
Type: string
Default: "ubertooth"
Example: "wheel"
Declared by:
<nixpkgs/nixos/modules/hardware/ubertooth.nix>
|
hardware.uinput.enableWhether to enable uinput support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/uinput.nix>
|
hardware.usbStorage.manageStartStopEnable this option to gracefully spin-down external storage during shutdown.
If you suspect improper head parking after poweroff, install smartmontools and check
for the Power-Off_Retract_Count field for an increment.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/hardware/usb-storage.nix>
|
hardware.usbWwan.enableEnable this option to support USB WWAN adapters.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/usb-wwan.nix>
|
hardware.video.hidpi.enableWhether to enable Font/DPI configuration optimized for HiDPI displays.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/video/hidpi.nix>
|
hardware.wirelessRegulatoryDatabaseLoad the wireless regulatory database at boot.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/all-firmware.nix>
|
hardware.wooting.enableWhether to enable support for Wooting keyboards.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/wooting.nix>
|
hardware.xone.enableWhether to enable the xone driver for Xbox One and Xbobx Series X|S accessories.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/xone.nix>
|
hardware.xpadneo.enableWhether to enable the xpadneo driver for Xbox One wireless controllers.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/xpadneo.nix>
|
i18n.defaultLocaleThe default locale. It determines the language for program messages, the format for dates and times, sort order, and so on. It also determines the character set, such as UTF-8.
Type: string
Default: "en_US.UTF-8"
Example: "nl_NL.UTF-8"
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
i18n.extraLocaleSettingsA set of additional system-wide locale settings other than
LANG which can be configured with
i18n.defaultLocale.
Type: attribute set of string
Default: { }
Example:
{
LC_MESSAGES = "en_US.UTF-8";
LC_TIME = "de_DE.UTF-8";
}Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
i18n.glibcLocalesCustomized pkg.glibcLocales package.
Changing this option can disable handling of i18n.defaultLocale and supportedLocale.
Type: path
Default:
pkgs.glibcLocales.override {
allLocales = any (x: x == "all") config.i18n.supportedLocales;
locales = config.i18n.supportedLocales;
}
Example: pkgs.glibcLocales
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
i18n.inputMethod.enabledSelect the enabled input method. Input methods is a software to input symbols that are not available on standard input devices.
Input methods are specially used to input Chinese, Japanese and Korean characters.
Currently the following input methods are available in NixOS:
ibus: The intelligent input bus, extra input engines can be added using i18n.inputMethod.ibus.engines.
fcitx: A customizable lightweight input method, extra input engines can be added using i18n.inputMethod.fcitx.engines.
fcitx5: The next generation of fcitx, addons (including engines, dictionaries, skins) can be added using i18n.inputMethod.fcitx5.addons.
nabi: A Korean input method based on XIM. Nabi doesn't support Qt 5.
uim: The universal input method, is a library with a XIM bridge. uim mainly support Chinese, Japanese and Korean.
hime: An extremely easy-to-use input method framework.
kime: Koream IME.
Type: null or one of "ibus", "fcitx", "fcitx5", "nabi", "uim", "hime", "kime"
Default: null
Example: "fcitx"
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/default.nix>
|
i18n.inputMethod.fcitx.enginesEnabled Fcitx engines. Available engines are: anthy, chewing, cloudpinyin, hangul, libpinyin, m17n, mozc, rime, skk, table-extra, table-other, unikey.
Type: list of package
Default: [ ]
Example: with pkgs.fcitx-engines; [ mozc hangul ]
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/fcitx.nix>
|
i18n.inputMethod.fcitx5.enableRimeDataWhether to enable default rime-data with fcitx5-rime.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
|
i18n.inputMethod.fcitx5.addonsEnabled Fcitx5 addons.
Type: list of package
Default: [ ]
Example: with pkgs; [ fcitx5-rime ]
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/fcitx5.nix>
|
i18n.inputMethod.ibus.enginesEnabled IBus engines. Available engines are: anthy, bamboo, hangul, kkc, libpinyin, libthai, m17n, mozc, rime, table, table-chinese, table-others, typing-booster, typing-booster-unwrapped, uniemoji.
Type: list of package
Default: [ ]
Example: with pkgs.ibus-engines; [ mozc hangul ]
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/ibus.nix>
|
i18n.inputMethod.ibus.panelReplace the IBus panel with another panel.
Type: null or path
Default: null
Example: "${pkgs.plasma5Packages.plasma-desktop}/lib/libexec/kimpanel-ibus-panel"
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/ibus.nix>
|
i18n.inputMethod.kime.configkime configuration. Refer to https://github.com/Riey/kime/blob/v2.5.6/docs/CONFIGURATION.md for details on supported values.
Type: YAML value
Default: { }
Example:
{
daemon = {
modules = ["Xim" "Indicator"];
};
indicator = {
icon_color = "White";
};
engine = {
hangul = {
layout = "dubeolsik";
};
};
}
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/kime.nix>
|
i18n.inputMethod.uim.toolbarselected UIM toolbar.
Type: one of "gtk", "gtk3", "gtk-systray", "gtk3-systray", "qt4"
Default: "gtk"
Example: "gtk-systray"
Declared by:
<nixpkgs/nixos/modules/i18n/input-method/uim.nix>
|
i18n.supportedLocalesList of locales that the system should support. The value
"all" means that all locales supported by
Glibc will be installed. A full list of supported locales
can be found at https://sourceware.org/git/?p=glibc.git;a=blob;f=localedata/SUPPORTED.
Type: list of string
Default:
unique
(builtins.map (l: (replaceStrings [ "utf8" "utf-8" "UTF8" ] [ "UTF-8" "UTF-8" "UTF-8" ] l) + "/UTF-8") (
[
"C.UTF-8"
config.i18n.defaultLocale
] ++ (attrValues (filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings))
))
Example:
[ "en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "nl_NL/ISO-8859-1" ]
Declared by:
<nixpkgs/nixos/modules/config/i18n.nix>
|
krb5.enableWhether to enable building krb5.conf, configuration file for Kerberos V.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.appdefaultsSettings used by some Kerberos V5 applications.
Type: (attribute set) or strings concatenated with "\n"
Default: { }
Example:
{
pam = {
debug = false;
ticket_lifetime = 36000;
renew_lifetime = 36000;
max_timeout = 30;
timeout_shift = 2;
initial_timeout = 1;
};
};
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.capathsAuthentication paths for non-hierarchical cross-realm authentication.
Type: (attribute set) or strings concatenated with "\n"
Default: { }
Example:
{
"ATHENA.MIT.EDU" = {
"EXAMPLE.COM" = ".";
};
"EXAMPLE.COM" = {
"ATHENA.MIT.EDU" = ".";
};
};
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.configVerbatim krb5.conf configuration. Note that this
is mutually exclusive with configuration via
libdefaults, realms,
domain_realm, capaths,
appdefaults, plugins and
extraConfig configuration options. Consult
man krb5.conf for documentation.
Type: null or strings concatenated with "\n"
Default: null
Example:
''
[libdefaults]
default_realm = EXAMPLE.COM
[realms]
EXAMPLE.COM = {
admin_server = kerberos.example.com
kdc = kerberos.example.com
default_principal_flags = +preauth
}
[domain_realm]
example.com = EXAMPLE.COM
.example.com = EXAMPLE.COM
[logging]
kdc = SYSLOG:NOTICE
admin_server = SYSLOG:NOTICE
default = SYSLOG:NOTICE
''Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.defaultRealmDEPRECATED, please use
krb5.libdefaults.default_realm.
Type: null or string
Default: null
Example: "ATHENA.MIT.EDU"
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.domainRealmDEPRECATED, please create a map of server hostnames to Kerberos realms
in krb5.domain_realm.
Type: null or string
Default: null
Example: "athena.mit.edu"
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.domain_realmMap of server hostnames to Kerberos realms.
Type: (attribute set) or strings concatenated with "\n"
Default: { }
Example:
{
"example.com" = "EXAMPLE.COM";
".example.com" = "EXAMPLE.COM";
};
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.extraConfigThese lines go to the end of krb5.conf verbatim.
krb5.conf may include any of the relations that are
valid for kdc.conf (see man kdc.conf),
but it is not a recommended practice.
Type: null or strings concatenated with "\n"
Default: null
Example:
''
[logging]
kdc = SYSLOG:NOTICE
admin_server = SYSLOG:NOTICE
default = SYSLOG:NOTICE
''Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.kdcDEPRECATED, please pass a kdc attribute to a realm
in krb5.realms.
Type: null or string
Default: null
Example: "kerberos.mit.edu"
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.kerberosThe Kerberos implementation that will be present in
environment.systemPackages after enabling this
service.
Type: package
Default: pkgs.krb5
Example: pkgs.heimdal
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.kerberosAdminServerDEPRECATED, please pass an admin_server attribute
to a realm in krb5.realms.
Type: null or string
Default: null
Example: "kerberos.mit.edu"
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.libdefaultsSettings used by the Kerberos V5 library.
Type: (attribute set) or strings concatenated with "\n"
Default: { }
Example:
{
default_realm = "ATHENA.MIT.EDU";
};
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.pluginsControls plugin module registration.
Type: (attribute set) or strings concatenated with "\n"
Default: { }
Example:
{
ccselect = {
disable = "k5identity";
};
};
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
krb5.realmsRealm-specific contact information and settings.
Type: (attribute set) or strings concatenated with "\n"
Default: { }
Example:
{
"ATHENA.MIT.EDU" = {
admin_server = "athena.mit.edu";
kdc = [
"athena01.mit.edu"
"athena02.mit.edu"
];
};
};
Declared by:
<nixpkgs/nixos/modules/config/krb5/default.nix>
|
libThis option allows modules to define helper functions, constants, etc.
Type: attribute set of (attribute set)
Default: { }
Declared by:
<nixpkgs/nixos/modules/misc/lib.nix>
|
location.latitudeYour current latitude, between
-90.0 and 90.0. Must be provided
along with longitude.
Type: floating point number
Declared by:
<nixpkgs/nixos/modules/config/locale.nix>
|
location.longitudeYour current longitude, between
between -180.0 and 180.0. Must be
provided along with latitude.
Type: floating point number
Declared by:
<nixpkgs/nixos/modules/config/locale.nix>
|
location.providerThe location provider to use for determining your location. If set to
manual you must also provide latitude/longitude.
Type: one of "manual", "geoclue2"
Default: "manual"
Declared by:
<nixpkgs/nixos/modules/config/locale.nix>
|
networking.enableB43FirmwareTurn on this option if you want firmware for the NICs supported by the b43 module.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/network/b43.nix>
|
networking.enableIPv6Whether to enable support for IPv6.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.enableIntel2200BGFirmwareTurn on this option if you want firmware for the Intel PRO/Wireless 2200BG to be loaded automatically. This is required if you want to use this device.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/network/intel-2200bg.nix>
|
networking.bondsThis option allows you to define bond devices that aggregate multiple, underlying networking interfaces together. The value of this option is an attribute set. Each attribute specifies a bond, with the attribute name specifying the name of the bond's network interface
Type: attribute set of (submodule)
Default: { }
Example:
{
bond0 = {
interfaces = [ "eth0" "wlan0" ];
driverOptions = {
miimon = "100";
mode = "active-backup";
}
;
};
anotherBond.interfaces = [ "enp4s0f0" "enp4s0f1" "enp5s0f0" "enp5s0f1" ];
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.driverOptionsOptions for the bonding driver. Documentation can be found in https://www.kernel.org/doc/Documentation/networking/bonding.txt
Type: attribute set of string
Default: { }
Example:
{
miimon = "100";
mode = "active-backup";
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.interfacesThe interfaces to bond together
Type: list of string
Example:
[ "enp4s0f0" "enp4s0f1" "wlan0" ]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.lacp_rateDEPRECATED, use driverOptions.
Option specifying the rate in which we'll ask our link partner
to transmit LACPDU packets in 802.3ad mode.
Type: null or string
Default: null
Example: "fast"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.miimonDEPRECATED, use driverOptions.
Miimon is the number of millisecond in between each round of polling
by the device driver for failed links. By default polling is not
enabled and the driver is trusted to properly detect and handle
failure scenarios.
Type: null or signed integer
Default: null
Example: 100
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.modeDEPRECATED, use driverOptions.
The mode which the bond will be running. The default mode for
the bonding driver is balance-rr, optimizing for throughput.
More information about valid modes can be found at
https://www.kernel.org/doc/Documentation/networking/bonding.txt
Type: null or string
Default: null
Example: "active-backup"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bonds.<name>.xmit_hash_policyDEPRECATED, use driverOptions.
Selects the transmit hash policy to use for slave selection in
balance-xor, 802.3ad, and tlb modes.
Type: null or string
Default: null
Example: "layer2+3"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bridgesThis option allows you to define Ethernet bridge devices that connect physical networks together. The value of this option is an attribute set. Each attribute specifies a bridge, with the attribute name specifying the name of the bridge's network interface.
Type: attribute set of (submodule)
Default: { }
Example:
{
br0 = {
interfaces = [
"eth0"
"eth1"
];
};
br1 = {
interfaces = [
"eth2"
"wlan0"
];
};
}Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bridges.<name>.interfacesThe physical network interfaces connected by the bridge.
Type: list of string
Example:
[ "eth0" "eth1" ]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.bridges.<name>.rstpWhether the bridge interface should enable rstp.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGatewayThe default gateway. It can be left empty if it is auto-detected through DHCP. It can be specified as a string or an option set along with a network interface.
Type: null or ((submodule) or string convertible to it)
Default: null
Example:
{
address = "131.211.84.1";
interface = "enp3s0";
}Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway.addressThe default gateway address.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway.interfaceThe default gateway interface.
Type: null or string
Default: null
Example: "enp0s3"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway.metricThe default gateway metric/preference.
Type: null or signed integer
Default: null
Example: 42
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway6The default ipv6 gateway. It can be left empty if it is auto-detected through DHCP. It can be specified as a string or an option set along with a network interface.
Type: null or ((submodule) or string convertible to it)
Default: null
Example:
{
address = "2001:4d0:1e04:895::1";
interface = "enp3s0";
}Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway6.addressThe default gateway address.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway6.interfaceThe default gateway interface.
Type: null or string
Default: null
Example: "enp0s3"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGateway6.metricThe default gateway metric/preference.
Type: null or signed integer
Default: null
Example: 42
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.defaultGatewayWindowSizeThe window size of the default gateway. It limits maximal data bursts that TCP peers are allowed to send to us.
Type: null or signed integer
Default: null
Example: 524288
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.dhcpcd.enableWhether to enable dhcpcd for device configuration. This is mainly to explicitly disable dhcpcd (for example when using networkd).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.allowInterfacesEnable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. Any interface not explicitly matched by this pattern will be denied. This pattern only applies when non-null.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.denyInterfacesDisable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. The purpose of this option is to blacklist virtual interfaces such as those created by Xen, libvirt, LXC, etc.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.extraConfigLiteral string to append to the config file generated for dhcpcd.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.persistentWhenever to leave interfaces configured on dhcpcd daemon shutdown. Set to true if you have your root or store mounted over the network or this machine accepts SSH connections through DHCP interfaces and clients should be notified when it shuts down.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.runHookShell code that will be run after all other hooks. See
man dhcpcd-run-hooks for details on what is possible.
Type: strings concatenated with "\n"
Default: ""
Example: "if [[ $reason =~ BOUND ]]; then echo $interface: Routers are $new_routers - were $old_routers; fi"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.dhcpcd.waitThis option specifies when the dhcpcd service will fork to background. If set to "background", dhcpcd will fork to background immediately. If set to "ipv4" or "ipv6", dhcpcd will wait for the corresponding IP address to be assigned. If set to "any", dhcpcd will wait for any type (IPv4 or IPv6) to be assigned. If set to "both", dhcpcd will wait for both an IPv4 and an IPv6 address before forking. The option "if-carrier-up" is equivalent to "any" if either ethernet is plugged nor WiFi is powered, and to "background" otherwise.
Type: one of "background", "any", "ipv4", "ipv6", "both", "if-carrier-up"
Default: "any"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpcd.nix>
|
networking.domainThe domain. It can be left empty if it is auto-detected through DHCP.
Type: null or string
Default: null
Example: "home.arpa"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.extraHostsAdditional verbatim entries to be appended to /etc/hosts.
For adding hosts from derivation results, use networking.hostFiles instead.
Type: strings concatenated with "\n"
Default: ""
Example: "192.168.0.1 lanlocalhost"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.firewall.enableWhether to enable the firewall. This is a simple stateful firewall that blocks connection attempts to unauthorised TCP or UDP ports on this machine. It does not affect packet forwarding.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.packageThe iptables package to use for running the firewall service.
Type: package
Default: pkgs.iptables
Example: pkgs.iptables-legacy
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowPingWhether to respond to incoming ICMPv4 echo requests ("pings"). ICMPv6 pings are always allowed because the larger address space of IPv6 makes network scanning much less effective.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowedTCPPortRangesA range of TCP ports on which incoming connections are accepted.
Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: [ ]
Example:
[
{
from = 8999;
to = 9003;
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowedTCPPortsList of TCP ports on which incoming connections are accepted.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: [ ]
Example:
[ 22 80 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowedUDPPortRangesRange of open UDP ports.
Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: [ ]
Example:
[
{
from = 60000;
to = 61000;
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.allowedUDPPortsList of open UDP ports.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: [ ]
Example:
[ 53 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.autoLoadConntrackHelpersWhether to auto-load connection-tracking helpers. See the description at networking.firewall.connectionTrackingModules
(needs kernel 3.5+)
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.checkReversePathPerforms a reverse path filter test on a packet. If a reply to the packet would not be sent via the same interface that the packet arrived on, it is refused.
If using asymmetric routing or other complicated routing, set this option to loose mode or disable it and setup your own counter-measures.
This option can be either true (or "strict"), "loose" (only drop the packet if the source address is not reachable via any interface) or false. Defaults to the value of kernelHasRPFilter.
Type: boolean or one of "strict", "loose"
Default: true if supported by the chosen kernel
Example: "loose"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.connectionTrackingModulesList of connection-tracking helpers that are auto-loaded. The complete list of possible values is given in the example.
As helpers can pose as a security risk, it is advised to set this to an empty list and disable the setting networking.firewall.autoLoadConntrackHelpers unless you know what you are doing. Connection tracking is disabled by default.
Loading of helpers is recommended to be done through the CT target. More info: https://home.regit.org/netfilter-en/secure-use-of-helpers/
Type: list of string
Default: [ ]
Example:
[ "ftp" "irc" "sane" "sip" "tftp" "amanda" "h323" "netbios_sn" "pptp" "snmp" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.extraCommandsAdditional shell commands executed as part of the firewall initialisation script. These are executed just before the final "reject" firewall rule is added, so they can be used to allow packets that would otherwise be refused.
Type: strings concatenated with "\n"
Default: ""
Example: "iptables -A INPUT -p icmp -j ACCEPT"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.extraPackagesAdditional packages to be included in the environment of the system as well as the path of networking.firewall.extraCommands.
Type: list of package
Default: [ ]
Example: [ pkgs.ipset ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.extraStopCommandsAdditional shell commands executed as part of the firewall shutdown script. These are executed just after the removal of the NixOS input rule, or if the service enters a failed state.
Type: strings concatenated with "\n"
Default: ""
Example: "iptables -P INPUT ACCEPT"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.interfacesInterface-specific open ports.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.interfaces.<name>.allowedTCPPortRangesA range of TCP ports on which incoming connections are accepted.
Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: [ ]
Example:
[
{
from = 8999;
to = 9003;
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.interfaces.<name>.allowedTCPPortsList of TCP ports on which incoming connections are accepted.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: [ ]
Example:
[ 22 80 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.interfaces.<name>.allowedUDPPortRangesRange of open UDP ports.
Type: list of attribute set of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: [ ]
Example:
[
{
from = 60000;
to = 61000;
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.interfaces.<name>.allowedUDPPortsList of open UDP ports.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: [ ]
Example:
[ 53 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.logRefusedConnectionsWhether to log rejected or dropped incoming connections. Note: The logs are found in the kernel logs, i.e. dmesg or journalctl -k.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.logRefusedPacketsWhether to log all rejected or dropped incoming packets. This tends to give a lot of log messages, so it's mostly useful for debugging. Note: The logs are found in the kernel logs, i.e. dmesg or journalctl -k.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.logRefusedUnicastsOnlyIf networking.firewall.logRefusedPackets
and this option are enabled, then only log packets
specifically directed at this machine, i.e., not broadcasts
or multicasts.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.logReversePathDropsLogs dropped packets failing the reverse path filter test if the option networking.firewall.checkReversePath is enabled.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.pingLimitIf pings are allowed, this allows setting rate limits on them. If non-null, this option should be in the form of flags like "--limit 1/minute --limit-burst 5"
Type: null or strings concatenated with " "
Default: null
Example: "--limit 1/minute --limit-burst 5"
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.rejectPacketsIf set, refused packets are rejected rather than dropped (ignored). This means that an ICMP "port unreachable" error message is sent back to the client (or a TCP RST packet in case of an existing connection). Rejecting packets makes port scanning somewhat easier.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.firewall.trustedInterfacesTraffic coming in from these interfaces will be accepted unconditionally. Traffic from the loopback (lo) interface will always be accepted.
Type: list of string
Default: [ ]
Example:
[ "enp0s2" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/firewall.nix>
|
networking.fooOverUDPThis option allows you to configure Foo Over UDP and Generic UDP Encapsulation endpoints. See ip-fou(8) for details.
Type: attribute set of (submodule)
Default: { }
Example:
{
backup = {
port = 9002;
};
primary = {
local = {
address = "192.0.2.1";
dev = "eth0";
};
port = 9001;
};
}Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.fooOverUDP.<name>.localLocal address (and optionally device) to bind to using the given port.
Type: null or (submodule)
Default: null
Example:
{
address = "203.0.113.22";
}Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.fooOverUDP.<name>.local.addressLocal address to bind to. The address must be available when the FOU
endpoint is created, using the scripted network setup this can be achieved
either by setting dev or adding dependency information to
systemd.services.<name>-fou-encap; it isn't supported
when using networkd.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.fooOverUDP.<name>.local.devNetwork device to bind to.
Type: null or string
Default: null
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.fooOverUDP.<name>.portLocal port of the encapsulation UDP socket.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.fooOverUDP.<name>.protocolProtocol number of the encapsulated packets. Specifying null
(the default) creates a GUE endpoint, specifying a protocol number will create
a FOU endpoint.
Type: null or integer between 1 and 255 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.fqdnThe fully qualified domain name (FQDN) of this host. It is the result
of combining networking.hostName and networking.domain. Using this
option will result in an evaluation error if the hostname is empty or
no domain is specified.
Modules that accept a mere networing.hostName but prefer a fully qualified
domain name may use networking.fqdnOrHostName instead.
Type: string (read only)
Default: "${networking.hostName}.${networking.domain}"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.fqdnOrHostNameEither the fully qualified domain name (FQDN), or just the host name if it does not exists.
This is a convenience option for modules to read instead of fqdn when
a mere hostName is also an acceptable value; this option does not
throw an error when domain is unset.
Type: string (read only)
Default:
if cfg.domain == null then cfg.hostName else cfg.fqdn
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.greTunnelsThis option allows you to define Generic Routing Encapsulation (GRE) tunnels.
Type: attribute set of (submodule)
Default: { }
Example:
{
greBridge = {
remote = "10.0.0.1";
local = "10.0.0.22";
dev = "enp4s0f0";
type = "tap";
ttl = 255;
};
gre6Tunnel = {
remote = "fd7a:5634::1";
local = "fd7a:5634::2";
dev = "enp4s0f0";
type = "tun6";
ttl = 255;
};
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.greTunnels.<name>.devThe underlying network device on which the tunnel resides.
Type: null or string
Default: null
Example: "enp4s0f0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.greTunnels.<name>.localThe address of the local endpoint which the remote side should send packets to.
Type: null or string
Default: null
Example: "10.0.0.22"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.greTunnels.<name>.remoteThe address of the remote endpoint to forward traffic over.
Type: null or string
Default: null
Example: "10.0.0.1"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.greTunnels.<name>.ttlThe time-to-live/hoplimit of the connection to the remote tunnel endpoint.
Type: null or signed integer
Default: null
Example: 255
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.greTunnels.<name>.typeWhether the tunnel routes layer 2 (tap) or layer 3 (tun) traffic.
Type: one of "tun", "tap", "tun6", "tap6"
Default: "tap"
Example: "tap"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.hostFilesFiles that should be concatenated together to form /etc/hosts.
Type: list of path
Example: [ "${pkgs.my-blocklist-package}/share/my-blocklist/hosts" ]
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.hostIdThe 32-bit host ID of the machine, formatted as 8 hexadecimal characters.
You should try to make this ID unique among your machines. You can generate a random 32-bit ID using the following commands:
head -c 8 /etc/machine-id
(this derives it from the machine-id that systemd generates) or
head -c4 /dev/urandom | od -A none -t x4
The primary use case is to ensure when using ZFS that a pool isn't imported accidentally on a wrong machine.
Type: null or string
Default: null
Example: "4e98920d"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.hostNameThe name of the machine. Leave it empty if you want to obtain it from a DHCP server (if using DHCP). The hostname must be a valid DNS label (see RFC 1035 section 2.3.1: "Preferred name syntax", RFC 1123 section 2.1: "Host Names and Numbers") and as such must not contain the domain part. This means that the hostname must start with a letter or digit, end with a letter or digit, and have as interior characters only letters, digits, and hyphen. The maximum length is 63 characters. Additionally it is recommended to only use lower-case characters. If (e.g. for legacy reasons) a FQDN is required as the Linux kernel network node hostname (uname --nodename) the option boot.kernel.sysctl."kernel.hostname" can be used as a workaround (but the 64 character limit still applies).
WARNING: Do not use underscores (_) or you may run into unexpected issues.
Type: string matching the pattern ^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$
Default: "nixos"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.hostsLocally defined maps of hostnames to IP addresses.
Type: attribute set of list of string
Example:
{
"127.0.0.1" = [ "foo.bar.baz" ];
"192.168.0.2" = [ "fileserver.local" "nameserver.local" ];
};
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.interfacesThe configuration for each network interface. If
networking.useDHCP is true, then every
interface not listed here will be configured using DHCP.
Please note that systemd.network.netdevs has more features
and is better maintained. When building new things, it is advised to
use that instead.
Type: attribute set of (submodule)
Default: { }
Example:
{
eth0 = {
ipv4 = {
addresses = [
{
address = "131.211.84.78";
prefixLength = 25;
}
];
};
};
}Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.addressesList of IPv4 addresses that will be statically assigned to the interface.
Type: list of (submodule)
Default: [ ]
Example:
[
{
address = "10.0.0.1";
prefixLength = 16;
}
{
address = "192.168.1.1";
prefixLength = 24;
}
]Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.addresses.*.addressIPv4 address of the interface. Leave empty to configure the interface using DHCP.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.addresses.*.prefixLengthSubnet mask of the interface, specified as the number of
bits in the prefix (24).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.routesList of extra IPv4 static routes that will be assigned to the interface.
If the route type is the default unicast, then the scope
is set differently depending on the value of networking.useNetworkd:
the script-based backend sets it to link, while networkd sets
it to global.
If you want consistency between the two implementations,
set the scope of the route manually with
networking.interfaces.eth0.ipv4.routes = [{ options.scope = "global"; }]
for example.
Type: list of (submodule)
Default: [ ]
Example:
[
{
address = "10.0.0.0";
prefixLength = 16;
}
{
address = "192.168.2.0";
prefixLength = 24;
via = "192.168.1.1";
}
]Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.routes.*.addressIPv4 address of the network.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.routes.*.optionsOther route options. See the symbol OPTIONS
in the ip-route(8) manual page for the details.
You may also specify metric,
src, protocol,
scope, from
and table, which are technically
not route options, in the sense used in the manual.
Type: attribute set of string
Default: { }
Example:
{
mtu = "1492";
window = "524288";
}Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.routes.*.prefixLengthSubnet mask of the network, specified as the number of
bits in the prefix (24).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.routes.*.typeType of the route. See the Route types section
in the ip-route(8) manual page for the details.
Note that prohibit, blackhole,
unreachable, and throw cannot
be configured per device, so they are not available here. Similarly,
nat hasn't been supported since kernel 2.6.
Type: null or one of "unicast", "local", "broadcast", "multicast"
Default: null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv4.routes.*.viaIPv4 address of the next hop.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.addressesList of IPv6 addresses that will be statically assigned to the interface.
Type: list of (submodule)
Default: [ ]
Example:
[
{
address = "fdfd:b3f0:482::1";
prefixLength = 48;
}
{
address = "2001:1470:fffd:2098::e006";
prefixLength = 64;
}
]Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.addresses.*.addressIPv6 address of the interface. Leave empty to configure the interface using DHCP.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.addresses.*.prefixLengthSubnet mask of the interface, specified as the number of
bits in the prefix (64).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.routesList of extra IPv6 static routes that will be assigned to the interface.
Type: list of (submodule)
Default: [ ]
Example:
[
{
address = "fdfd:b3f0::";
prefixLength = 48;
}
{
address = "2001:1470:fffd:2098::";
prefixLength = 64;
via = "fdfd:b3f0::1";
}
]Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.routes.*.addressIPv6 address of the network.
Type: string
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.routes.*.optionsOther route options. See the symbol OPTIONS
in the ip-route(8) manual page for the details.
You may also specify metric,
src, protocol,
scope, from
and table, which are technically
not route options, in the sense used in the manual.
Type: attribute set of string
Default: { }
Example:
{
mtu = "1492";
window = "524288";
}Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.routes.*.prefixLengthSubnet mask of the network, specified as the number of
bits in the prefix (64).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.routes.*.typeType of the route. See the Route types section
in the ip-route(8) manual page for the details.
Note that prohibit, blackhole,
unreachable, and throw cannot
be configured per device, so they are not available here. Similarly,
nat hasn't been supported since kernel 2.6.
Type: null or one of "unicast", "local", "broadcast", "multicast"
Default: null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.ipv6.routes.*.viaIPv6 address of the next hop.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.macAddressMAC address of the interface. Leave empty to use the default.
Type: null or string
Default: null
Example: "00:11:22:33:44:55"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.mtuMTU size for packets leaving the interface. Leave empty to use the default.
Type: null or signed integer
Default: null
Example: 9000
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.nameName of the interface.
Type: string
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.proxyARPTurn on proxy_arp for this device. This is mainly useful for creating pseudo-bridges between a real interface and a virtual network such as VPN or a virtual machine for interfaces that don't support real bridging (most wlan interfaces). As ARP proxying acts slightly above the link-layer, below-ip traffic isn't bridged, so things like DHCP won't work. The advantage above using NAT lies in the fact that no IP addresses are shared, so all hosts are reachable/routeable.
WARNING: turns on ip-routing, so if you have multiple interfaces, you should think of the consequence and setup firewall rules to limit this.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.tempAddressWhen IPv6 is enabled with SLAAC, this option controls the use of temporary address (aka privacy extensions) on this interface. This is used to reduce tracking.
See also the global option
networking.tempAddresses, which
applies to all interfaces where this is not set.
Possible values are:
"default" to generate IPv6 temporary addresses and use these as source addresses in routing;
"disabled" to completely disable IPv6 temporary addresses;
"enabled" to generate IPv6 temporary addresses but still use EUI-64 addresses as source addresses;
Type: one of "default", "disabled", "enabled"
Default: config.networking.tempAddresses
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.useDHCPWhether this interface should be configured with dhcp. Null implies the old behavior which depends on whether ip addresses are specified or not.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.virtualWhether this interface is virtual and should be created by tunctl. This is mainly useful for creating bridges between a host and a virtual network such as VPN or a virtual machine.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.virtualOwnerIn case of a virtual device, the user who owns it.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.virtualTypeThe type of interface to create. The default is TUN for an interface name starting with "tun", otherwise TAP.
Type: one of "tun", "tap"
Default: if hasPrefix "tun" name then "tun" else "tap"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.interfaces.<name>.wakeOnLan.enableWhether to enable wol on this interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.iproute2.enableWhether to enable copy IP route configuration files.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/iproute2.nix>
|
networking.iproute2.rttablesExtraConfigVerbatim lines to add to /etc/iproute2/rt_tables
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/iproute2.nix>
|
networking.localCommandsShell commands to be executed at the end of the
network-setup systemd service. Note that if
you are using DHCP to obtain the network configuration,
interfaces may not be fully configured yet.
Type: strings concatenated with "\n"
Default: ""
Example: "text=anything; echo You can put $text here."
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.macvlansThis option allows you to define macvlan interfaces which should be automatically created.
Type: attribute set of (submodule)
Default: { }
Example:
{
wan = {
interface = "enp2s0";
mode = "vepa";
};
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.macvlans.<name>.interfaceThe interface the macvlan will transmit packets through.
Type: string
Example: "enp4s0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.macvlans.<name>.modeThe mode of the macvlan device.
Type: null or string
Default: null
Example: "vepa"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.nameserversThe list of nameservers. It can be left empty if it is auto-detected through DHCP.
Type: list of string
Default: [ ]
Example:
[ "130.161.158.4" "130.161.33.17" ]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.nat.enableWhether to enable Network Address Translation (NAT).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.enableIPv6Whether to enable IPv6 NAT.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.dmzHostThe local IP address to which all traffic that does not match any forwarding rule is forwarded.
Type: null or string
Default: null
Example: "10.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.externalIPThe public IP address to which packets from the local network are to be rewritten. If this is left empty, the IP address associated with the external interface will be used.
Type: null or string
Default: null
Example: "203.0.113.123"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.externalIPv6The public IPv6 address to which packets from the local network are to be rewritten. If this is left empty, the IP address associated with the external interface will be used.
Type: null or string
Default: null
Example: "2001:dc0:2001:11::175"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.externalInterfaceThe name of the external network interface.
Type: null or string
Default: null
Example: "eth1"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.extraCommandsAdditional shell commands executed as part of the nat initialisation script.
Type: strings concatenated with "\n"
Default: ""
Example: "iptables -A INPUT -p icmp -j ACCEPT"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.extraStopCommandsAdditional shell commands executed as part of the nat teardown script.
Type: strings concatenated with "\n"
Default: ""
Example: "iptables -D INPUT -p icmp -j ACCEPT || true"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.forwardPortsList of forwarded ports from the external interface to internal destinations by using DNAT. Destination can be IPv6 if IPv6 NAT is enabled.
Type: list of (submodule)
Default: [ ]
Example:
[
{
destination = "10.0.0.1:80";
proto = "tcp";
sourcePort = 8080;
}
{
destination = "[fc00::2]:80";
proto = "tcp";
sourcePort = 8080;
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.forwardPorts.*.destinationForward connection to destination ip:port (or [ipv6]:port); to specify a port range, use ip:start-end
Type: string
Example: "10.0.0.1:80"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.forwardPorts.*.loopbackIPsPublic IPs for NAT reflection; for connections to `loopbackip:sourcePort' from the host itself and from other hosts behind NAT
Type: list of string
Default: [ ]
Example: [ "55.1.2.3" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.forwardPorts.*.protoProtocol of forwarded connection
Type: string
Default: "tcp"
Example: "udp"
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.forwardPorts.*.sourcePortSource port of the external interface; to specify a port range, use a string with a colon (e.g. "60000:61000")
Type: signed integer or string matching the pattern [[:digit:]]+:[[:digit:]]+
Example: 8080
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.internalIPsThe IP address ranges for which to perform NAT. Packets coming from these addresses (on any interface) and destined for the external interface will be rewritten.
Type: list of string
Default: [ ]
Example:
[ "192.168.1.0/24" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.internalIPv6sThe IPv6 address ranges for which to perform NAT. Packets coming from these addresses (on any interface) and destined for the external interface will be rewritten.
Type: list of string
Default: [ ]
Example:
[ "fc00::/64" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.nat.internalInterfacesThe interfaces for which to perform NAT. Packets coming from these interface and destined for the external interface will be rewritten.
Type: list of string
Default: [ ]
Example:
[ "eth0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nat.nix>
|
networking.networkmanager.enableWhether to use NetworkManager to obtain an IP address and other
configuration for all network interfaces that are not manually
configured. If enabled, a group networkmanager
will be created. Add all users that should have permission
to change network settings to this group.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.enableFccUnlockEnable FCC unlock procedures. Since release 1.18.4, the ModemManager daemon no longer automatically performs the FCC unlock procedure by default. See the docs for more details.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.enableStrongSwanEnable the StrongSwan plugin.
If you enable this option the
networkmanager_strongswan plugin will be added to
the networking.networkmanager.plugins option
so you don't need to do that yourself.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.appendNameserversA list of name servers that should be appended to the ones configured in NetworkManager or received by DHCP.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.connectionConfigConfiguration for the [connection] section of NetworkManager.conf. Refer to https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#id-1.2.3.11 or NetworkManager.conf(5) for more information.
Type: attribute set of (null or boolean or signed integer or string)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dhcpWhich program (or internal library) should be used for DHCP.
Type: one of "dhcpcd", "internal"
Default: "internal"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dispatcherScriptsA list of scripts which will be executed in response to network events.
Type: list of (submodule)
Default: [ ]
Example:
[ {
source = pkgs.writeText "upHook" ''
if [ "$2" != "up" ]; then
logger "exit: event $2 != up"
exit
fi
# coreutils and iproute are in PATH too
logger "Device $DEVICE_IFACE coming up"
'';
type = "basic";
} ]Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dispatcherScripts.*.sourcePath to the hook script.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dispatcherScripts.*.typeDispatcher hook type. Look up the hooks described at https://developer.gnome.org/NetworkManager/stable/NetworkManager.html and choose the type depending on the output folder. You should then filter the event type (e.g., "up"/"down") from within your script.
Type: one of "basic", "pre-down", "pre-up"
Default: "basic"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.dnsSet the DNS (resolv.conf) processing mode.
A description of these modes can be found in the main section of https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html or in NetworkManager.conf(5).
Type: one of "default", "dnsmasq", "unbound", "systemd-resolved", "none"
Default: "default"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.ethernet.macAddressSet the MAC address of the interface.
"XX:XX:XX:XX:XX:XX": MAC address of the interface
"permanent": Use the permanent MAC address of the device
"preserve": Don’t change the MAC address of the device upon activation
"random": Generate a randomized value upon each connect
"stable": Generate a stable, hashed MAC address
Type: string or one of "permanent", "preserve", "random", "stable"
Default: "preserve"
Example: "00:11:22:33:44:55"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.extraConfigConfiguration appended to the generated NetworkManager.conf. Refer to https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html or NetworkManager.conf(5) for more information.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.firewallBackendWhich firewall backend should be used for configuring masquerading with shared mode. If set to none, NetworkManager doesn't manage the configuration at all.
Type: one of "iptables", "nftables", "none"
Default: "iptables"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.insertNameserversA list of name servers that should be inserted before the ones configured in NetworkManager or received by DHCP.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.logLevelSet the default logging verbosity level.
Type: one of "OFF", "ERR", "WARN", "INFO", "DEBUG", "TRACE"
Default: "WARN"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.pluginsList of NetworkManager plug-ins to enable. Some plug-ins are enabled by the NetworkManager module by default.
Type: list of NetworkManager plug-in
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.unmanagedList of interfaces that will not be managed by NetworkManager. Interface name can be specified here, but if you need more fidelity, refer to https://developer.gnome.org/NetworkManager/stable/NetworkManager.conf.html#device-spec or the "Device List Format" Appendix of NetworkManager.conf(5).
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.wifi.backendSpecify the Wi-Fi backend used for the device.
Currently supported are wpa_supplicant or iwd (experimental).
Type: one of "wpa_supplicant", "iwd"
Default: "wpa_supplicant"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.wifi.macAddressSet the MAC address of the interface.
"XX:XX:XX:XX:XX:XX": MAC address of the interface
"permanent": Use the permanent MAC address of the device
"preserve": Don’t change the MAC address of the device upon activation
"random": Generate a randomized value upon each connect
"stable": Generate a stable, hashed MAC address
Type: string or one of "permanent", "preserve", "random", "stable"
Default: "preserve"
Example: "00:11:22:33:44:55"
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.wifi.powersaveWhether to enable Wi-Fi power saving.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.networkmanager.wifi.scanRandMacAddressWhether to enable MAC address randomization of a Wi-Fi device during scanning.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/networkmanager.nix>
|
networking.nftables.enableWhether to enable nftables. nftables is a Linux-based packet filtering framework intended to replace frameworks like iptables.
This conflicts with the standard networking firewall, so make sure to disable it before using nftables.
Note that if you have Docker enabled you will not be able to use nftables without intervention. Docker uses iptables internally to setup NAT for containers. This module disables the ip_tables kernel module, however Docker automatically loads the module. Please see https://github.com/NixOS/nixpkgs/issues/24318#issuecomment-289216273 for more information.
There are other programs that use iptables internally too, such as libvirt. For information on how the two firewalls interact, see https://wiki.nftables.org/wiki-nftables/index.php/Troubleshooting#Question_4._How_do_nftables_and_iptables_interact_when_used_on_the_same_system.3F.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.nftables.rulesetThe ruleset to be used with nftables. Should be in a format that can be loaded using "/bin/nft -f". The ruleset is updated atomically.
Type: strings concatenated with "\n"
Default: ""
Example:
''
# Check out https://wiki.nftables.org/ for better documentation.
# Table for both IPv4 and IPv6.
table inet filter {
# Block all incoming connections traffic except SSH and "ping".
chain input {
type filter hook input priority 0;
# accept any localhost traffic
iifname lo accept
# accept traffic originated from us
ct state {established, related} accept
# ICMP
# routers may also want: mld-listener-query, nd-router-solicit
ip6 nexthdr icmpv6 icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
ip protocol icmp icmp type { destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept
# allow "ping"
ip6 nexthdr icmpv6 icmpv6 type echo-request accept
ip protocol icmp icmp type echo-request accept
# accept SSH connections (required for a server)
tcp dport 22 accept
# count and drop any other traffic
counter drop
}
# Allow all outgoing connections.
chain output {
type filter hook output priority 0;
accept
}
chain forward {
type filter hook forward priority 0;
accept
}
}
''Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.nftables.rulesetFileThe ruleset file to be used with nftables. Should be in a format that can be loaded using "nft -f". The ruleset is updated atomically.
Type: path
Default: a file with the contents of networking.nftables.ruleset
Declared by:
<nixpkgs/nixos/modules/services/networking/nftables.nix>
|
networking.openconnect.packageThe openconnect package to use.
Type: package
Default: pkgs.openconnect
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfacesOpenConnect interfaces.
Type: attribute set of (submodule)
Default: { }
Example:
{
openconnect0 = {
gateway = "gateway.example.com";
passwordFile = "/var/lib/secrets/openconnect-passwd";
protocol = "anyconnect";
user = "example-user";
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfaces.<name>.autoStartWhether this VPN connection should be started automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfaces.<name>.certificateCertificate to authenticate with.
Type: null or path or PKCS#11 URI
Default: null
Example: "/var/lib/secrets/openconnect_certificate.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfaces.<name>.extraOptionsExtra config to be appended to the interface config. It should
contain long-format options as would be accepted on the command
line by openconnect
(see https://www.infradead.org/openconnect/manual.html).
Non-key-value options like deflate can be used by
declaring them as booleans, i. e. deflate = true;.
Type: attribute set of (string or boolean)
Default: { }
Example:
{
compression = "stateless";
no-dtls = true;
no-http-keepalive = true;
}Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfaces.<name>.gatewayGateway server to connect to.
Type: string
Example: "gateway.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfaces.<name>.passwordFileFile containing the password to authenticate with. This
is passed to openconnect via the
--passwd-on-stdin option.
Type: null or path
Default: null
Example: "/var/lib/secrets/openconnect-passwd"
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfaces.<name>.privateKeyPrivate key to authenticate with.
Type: null or path or PKCS#11 URI
Default: null
Example: "/var/lib/secrets/openconnect_private_key.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfaces.<name>.protocolProtocol to use.
Type: one of "anyconnect", "array", "nc", "pulse", "gp", "f5", "fortinet"
Example: "anyconnect"
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.openconnect.interfaces.<name>.userUsername to authenticate with.
Type: null or string
Example: "example-user"
Declared by:
<nixpkgs/nixos/modules/services/networking/openconnect.nix>
|
networking.proxy.allProxyThis option specifies the all_proxy environment variable.
Type: null or string
Default: config.networking.proxy.default
Example: "http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.defaultThis option specifies the default value for httpProxy, httpsProxy, ftpProxy and rsyncProxy.
Type: null or string
Default: null
Example: "http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.ftpProxyThis option specifies the ftp_proxy environment variable.
Type: null or string
Default: config.networking.proxy.default
Example: "http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.httpProxyThis option specifies the http_proxy environment variable.
Type: null or string
Default: config.networking.proxy.default
Example: "http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.httpsProxyThis option specifies the https_proxy environment variable.
Type: null or string
Default: config.networking.proxy.default
Example: "http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.noProxyThis option specifies the no_proxy environment variable. If a default proxy is used and noProxy is null, then noProxy will be set to 127.0.0.1,localhost.
Type: null or string
Default: null
Example: "127.0.0.1,localhost,.localdomain"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.proxy.rsyncProxyThis option specifies the rsync_proxy environment variable.
Type: null or string
Default: config.networking.proxy.default
Example: "http://127.0.0.1:3128"
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.resolvconf.enableWhether DNS configuration is managed by resolvconf.
Type: boolean
Default: !(config.environment.etc ? "resolv.conf")
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
|
networking.resolvconf.packageThe package that provides the system-wide resolvconf command. Defaults to openresolv
if this module is enabled. Otherwise, can be used by other modules (for example services.resolved) to
provide a compatibility layer.
This option generally shouldn't be set by the user.
Type: package
Default: pkgs.openresolv
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
|
networking.resolvconf.dnsExtensionMechanismEnable the edns0 option in resolv.conf. With
that option set, glibc supports use of the extension mechanisms for
DNS (EDNS) specified in RFC 2671. The most popular user of that feature is DNSSEC,
which does not work without it.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
|
networking.resolvconf.dnsSingleRequestRecent versions of glibc will issue both ipv4 (A) and ipv6 (AAAA) address queries at the same time, from the same port. Sometimes upstream routers will systemically drop the ipv4 queries. The symptom of this problem is that 'getent hosts example.com' only returns ipv6 (or perhaps only ipv4) addresses. The workaround for this is to specify the option 'single-request' in /etc/resolv.conf. This option enables that.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
|
networking.resolvconf.extraConfigExtra configuration to append to resolvconf.conf.
Type: strings concatenated with "\n"
Default: ""
Example: "libc=NO"
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
|
networking.resolvconf.extraOptionsSet the options in /etc/resolv.conf.
Type: list of string
Default: [ ]
Example:
[ "ndots:1" "rotate" ]
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
|
networking.resolvconf.useLocalResolverUse local DNS server for resolving.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/resolvconf.nix>
|
networking.rxe.enableWhether to enable RDMA over converged ethernet.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/rxe.nix>
|
networking.rxe.interfacesEnable RDMA on the listed interfaces. The corresponding virtual RDMA interfaces will be named rxe_<interface>. UDP port 4791 must be open on the respective ethernet interfaces.
Type: list of string
Default: [ ]
Example:
[ "eth0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/rxe.nix>
|
networking.searchThe list of search paths used when resolving domain names.
Type: list of string
Default: [ ]
Example:
[ "example.com" "home.arpa" ]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sitsThis option allows you to define 6-to-4 interfaces which should be automatically created.
Type: attribute set of (submodule)
Default: { }
Example:
{
hurricane = {
remote = "10.0.0.1";
local = "10.0.0.22";
ttl = 255;
};
msipv6 = {
remote = "192.168.0.1";
dev = "enp3s0";
ttl = 127;
};
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.devThe underlying network device on which the tunnel resides.
Type: null or string
Default: null
Example: "enp4s0f0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.encapsulationConfigures encapsulation in UDP packets.
Type: null or (submodule)
Default: null
Example:
{
port = 9001;
type = "fou";
}Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.encapsulation.portDestination port for encapsulated packets.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Example: 9001
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.encapsulation.sourcePortSource port for encapsulated packets. Will be chosen automatically by the kernel if unset.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Example: 9002
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.encapsulation.typeSelects encapsulation type. See ip-link(8) for details.
Type: one of "fou", "gue"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.localThe address of the local endpoint which the remote side should send packets to.
Type: null or string
Default: null
Example: "10.0.0.22"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.remoteThe address of the remote endpoint to forward traffic over.
Type: null or string
Default: null
Example: "10.0.0.1"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.sits.<name>.ttlThe time-to-live of the connection to the remote tunnel endpoint.
Type: null or signed integer
Default: null
Example: 255
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.supplicantInterfaces for which to start wpa_supplicant. The supplicant is used to scan for and associate with wireless networks, or to authenticate with 802.1x capable network switches.
The value of this option is an attribute set. Each attribute configures a
wpa_supplicant service, where the attribute name specifies
the name of the interface that wpa_supplicant operates on.
The attribute name can be a space separated list of interfaces.
The attribute names WLAN, LAN and DBUS
have a special meaning. WLAN and LAN are
configurations for universal wpa_supplicant service that is
started for each WLAN interface or for each LAN interface, respectively.
DBUS defines a device-unrelated wpa_supplicant
service that can be accessed through D-Bus.
Type: attribute set of (submodule)
Default: { }
Example:
{ "wlan0 wlan1" = {
configFile.path = "/etc/wpa_supplicant.conf";
userControlled.group = "network";
extraConf = ''
ap_scan=1
p2p_disabled=1
'';
extraCmdArgs = "-u -W";
bridge = "br0";
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.bridgeName of the bridge interface that wpa_supplicant should listen at.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.configFile.pathExternal wpa_supplicant.conf configuration file.
The configuration options defined declaratively within networking.supplicant have
precedence over options defined in configFile.
Type: null or path
Default: null
Example: /etc/wpa_supplicant.conf
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.configFile.writableWhether the configuration file at configFile.path should be written to by
wpa_supplicant.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.driverForce a specific wpa_supplicant driver.
Type: null or string
Default: "nl80211,wext"
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.extraCmdArgsCommand line arguments to add when executing wpa_supplicant.
Type: string
Default: ""
Example: "-e/run/wpa_supplicant/entropy.bin"
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.extraConfConfiguration options for wpa_supplicant.conf.
Options defined here have precedence over options in configFile.
NOTE: Do not write sensitive data into extraConf as it will
be world-readable in the nix-store. For sensitive information
use the configFile instead.
Type: strings concatenated with "\n"
Default: ""
Example:
'' ap_scan=1 device_name=My-NixOS-Device device_type=1-0050F204-1 driver_param=use_p2p_group_interface=1 disable_scan_offload=1 p2p_listen_reg_class=81 p2p_listen_channel=1 p2p_oper_reg_class=81 p2p_oper_channel=1 manufacturer=NixOS model_name=NixOS_Unstable model_number=2015 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.userControlled.enableAllow normal users to control wpa_supplicant through wpa_gui or wpa_cli. This is useful for laptop users that switch networks a lot and don't want to depend on a large package such as NetworkManager just to pick nearby access points.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.userControlled.groupMembers of this group can control wpa_supplicant.
Type: string
Default: "wheel"
Example: "network"
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.supplicant.<name>.userControlled.socketDirDirectory of sockets for controlling wpa_supplicant.
Type: string
Default: "/run/wpa_supplicant"
Declared by:
<nixpkgs/nixos/modules/services/networking/supplicant.nix>
|
networking.tcpcrypt.enableWhether to enable opportunistic TCP encryption. If the other end speaks Tcpcrypt, then your traffic will be encrypted; otherwise it will be sent in clear text. Thus, Tcpcrypt alone provides no guarantees -- it is best effort. If, however, a Tcpcrypt connection is successful and any attackers that exist are passive, then Tcpcrypt guarantees privacy.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/tcpcrypt.nix>
|
networking.tempAddressesWhether to enable IPv6 Privacy Extensions for interfaces not
configured explicitly in
networking.interfaces.<name>.tempAddress.
This sets the ipv6.conf.*.use_tempaddr sysctl for all interfaces. Possible values are:
"default" to generate IPv6 temporary addresses and use these as source addresses in routing;
"disabled" to completely disable IPv6 temporary addresses;
"enabled" to generate IPv6 temporary addresses but still use EUI-64 addresses as source addresses;
Type: one of "default", "disabled", "enabled"
Default:
if ${config.networking.enableIPv6} then "default" else "disabled"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.timeServersThe set of NTP servers from which to synchronise.
Type: list of string
Default:
[ "0.nixos.pool.ntp.org" "1.nixos.pool.ntp.org" "2.nixos.pool.ntp.org" "3.nixos.pool.ntp.org" ]
Declared by:
<nixpkgs/nixos/modules/config/networking.nix>
|
networking.ucarp.enableWhether to enable ucarp, userspace implementation of CARP.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.packagePackage that should be used for ucarp.
Please note that the default package, pkgs.ucarp, has not received any upstream updates for a long time and can be considered as unmaintained.
Type: package
Default: pkgs.ucarp
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.addrVirtual shared IP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.advBaseAdvertisement frequency in seconds.
Type: unsigned integer, meaning >=0
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.advSkewAdvertisement skew in seconds.
Type: unsigned integer, meaning >=0
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.deadratioRatio to consider a host as dead.
Type: unsigned integer, meaning >=0
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.downscriptCommand to run after become backup, the interface name, virtual address and optional extra parameters are passed as arguments.
Type: path
Example:
pkgs.writeScript "downscript" ''
#!/bin/sh
${pkgs.iproute2}/bin/ip addr del "$2"/24 dev "$1"
'';
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.extraParamExtra parameter to pass to the up/down scripts.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.ignoreIfStateIgnore interface state, e.g., down or no carrier.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.interfaceNetwork interface to bind to.
Type: string
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.neutralDo not run downscript at start if the host is the backup.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.noMcastUse broadcast instead of multicast advertisements.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.passwordFileFile containing shared password between CARP hosts.
Type: string
Example: "/run/keys/ucarp-password"
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.preemptEnable preemptive failover. Thus, this host becomes the CARP master as soon as possible.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.shutdownCall downscript at exit.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.srcIpSource (real) IP address of this host.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.upscriptCommand to run after become master, the interface name, virtual address and optional extra parameters are passed as arguments.
Type: path
Example:
pkgs.writeScript "upscript" ''
#!/bin/sh
${pkgs.iproute2}/bin/ip addr add "$2"/24 dev "$1"
'';
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.ucarp.vhIdVirtual IP identifier shared between CARP hosts.
Type: integer between 1 and 255 (both inclusive)
Example: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/ucarp.nix>
|
networking.useDHCPWhether to use DHCP to obtain an IP address and other configuration for all network interfaces that are not manually configured.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.useHostResolvConfIn containers, whether to use the
resolv.conf supplied by the host.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.useNetworkdWhether we should use networkd as the network configuration backend or the legacy script based system. Note that this option is experimental, enable at your own risk.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.usePredictableInterfaceNamesWhether to assign predictable names to network interfaces.
If enabled, interfaces
are assigned names that contain topology information
(e.g. wlp3s0) and thus should be stable
across reboots. If disabled, names depend on the order in
which interfaces are discovered by the kernel, which may
change randomly across reboots; for instance, you may find
eth0 and eth1 flipping
unpredictably.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
networking.vlansThis option allows you to define vlan devices that tag packets on top of a physical interface. The value of this option is an attribute set. Each attribute specifies a vlan, with the name specifying the name of the vlan interface.
Type: attribute set of (submodule)
Default: { }
Example:
{
vlan0 = {
id = 3;
interface = "enp3s0";
};
vlan1 = {
id = 1;
interface = "wlan0";
};
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vlans.<name>.idThe vlan identifier
Type: signed integer
Example: 1
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vlans.<name>.interfaceThe interface the vlan will transmit packets through.
Type: string
Example: "enp4s0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitchesThis option allows you to define Open vSwitches that connect physical networks together. The value of this option is an attribute set. Each attribute specifies a vswitch, with the attribute name specifying the name of the vswitch's network interface.
Type: attribute set of (submodule)
Default: { }
Example:
{
vs0 = {
interfaces = {
eth0 = { };
lo1 = {
type = "internal";
};
};
};
vs1 = {
interfaces = [
{
name = "eth2";
}
{
name = "lo2";
type = "internal";
}
];
};
}Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.controllersSpecify the controller targets. For the allowed options see man 8 ovs-vsctl.
Type: list of string
Default: [ ]
Example:
[ "ptcp:6653:[::1]" ]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.extraOvsctlCmdsCommands to manipulate the Open vSwitch database. Every line executed with ovs-vsctl.
All commands are bundled together with the operations for adding the interfaces
into one atomic operation.
Type: strings concatenated with "\n"
Default: ""
Example:
'' set-fail-mode <switch_name> secure set Bridge <switch_name> stp_enable=true ''
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.interfacesThe physical network interfaces connected by the vSwitch.
Type: attribute set of (submodule)
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.interfaces.<name>.nameName of the interface
Type: string
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.interfaces.<name>.typeOpenvswitch type to assign to interface
Type: null or string
Default: null
Example: "internal"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.interfaces.<name>.vlanVlan tag to apply to interface
Type: null or signed integer
Default: null
Example: 10
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.openFlowRulesOpenFlow rules to insert into the Open vSwitch. All openFlowRules are
loaded with ovs-ofctl within one atomic operation.
Type: strings concatenated with "\n"
Default: ""
Example:
'' actions=normal ''
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.openFlowVersionVersion of OpenFlow protocol to use when communicating with the switch internally (e.g. with openFlowRules).
Type: string
Default: "OpenFlow13"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.vswitches.<name>.supportedOpenFlowVersionsSupported versions to enable on this switch.
Type: list of string
Default:
[ "OpenFlow13" ]
Example:
[ "OpenFlow10" "OpenFlow13" "OpenFlow14" ]
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wg-quick.interfacesWireguard interfaces.
Type: attribute set of (submodule)
Default: { }
Example:
{
wg0 = {
address = [
"192.168.20.4/24"
];
peers = [
{
allowedIPs = [
"192.168.20.1/32"
];
endpoint = "demo.wireguard.io:12913";
publicKey = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=";
}
];
privateKey = "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=";
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.addressThe IP addresses of the interface.
Type: list of string
Default: [ ]
Example:
[ "192.168.2.1/24" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.autostartWhether to bring up this interface automatically during boot.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.configFilewg-quick .conf file, describing the interface. This overrides any other configuration interface configuration options. See wg-quick manpage for more details.
Type: null or string
Default: null
Example: "/secret/wg0.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.dnsThe IP addresses of DNS servers to configure.
Type: list of string
Default: [ ]
Example:
[ "192.168.2.2" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.listenPort16-bit port for listening. Optional; if not specified, automatically generated based on interface name.
Type: null or signed integer
Default: null
Example: 51820
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.mtuIf not specified, the MTU is automatically determined from the endpoint addresses or the system default route, which is usually a sane choice. However, to manually specify an MTU to override this automatic discovery, this value may be specified explicitly.
Type: null or signed integer
Default: null
Example: 1248
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.peersPeers linked to the interface.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.peers.*.allowedIPsList of IP (v4 or v6) addresses with CIDR masks from which this peer is allowed to send incoming traffic and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
Type: list of string
Example:
[ "10.192.122.3/32" "10.192.124.1/24" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.peers.*.endpointEndpoint IP or hostname of the peer, followed by a colon, and then a port number of the peer.
Type: null or string
Default: null
Example: "demo.wireguard.io:12913"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.peers.*.persistentKeepaliveThis is optional and is by default off, because most users will not need it. It represents, in seconds, between 1 and 65535 inclusive, how often to send an authenticated empty packet to the peer, for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds; however, most users will not need this.
Type: null or signed integer
Default: null
Example: 25
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.peers.*.presharedKeyBase64 preshared key generated by wg genpsk. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
Warning: Consider using presharedKeyFile instead if you do not want to store the key in the world-readable Nix store.
Type: null or string
Default: null
Example: "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I="
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.peers.*.presharedKeyFileFile pointing to preshared key as generated by wg genpsk. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
Type: null or string
Default: null
Example: "/private/wireguard_psk"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.peers.*.publicKeyThe base64 public key to the peer.
Type: string
Example: "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.postDownCommand called after the interface is taken down.
Type: strings concatenated with "\n" or (list of string) convertible to it
Default: ""
Example: "${pkgs.iproute2}/bin/ip netns del foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.postUpCommands called after the interface setup.
Type: strings concatenated with "\n" or (list of string) convertible to it
Default: ""
Example: "${pkgs.iproute2}/bin/ip netns add foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.preDownCommand called before the interface is taken down.
Type: strings concatenated with "\n" or (list of string) convertible to it
Default: ""
Example: "${pkgs.iproute2}/bin/ip netns del foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.preUpCommands called at the start of the interface setup.
Type: strings concatenated with "\n" or (list of string) convertible to it
Default: ""
Example: "${pkgs.iproute2}/bin/ip netns add foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.privateKeyBase64 private key generated by wg genkey.
Warning: Consider using privateKeyFile instead if you do not want to store the key in the world-readable Nix store.
Type: null or string
Default: null
Example: "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk="
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.privateKeyFilePrivate key file as generated by wg genkey.
Type: null or string
Default: null
Example: "/private/wireguard_key"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wg-quick.interfaces.<name>.tableThe kernel routing table to add this interface's associated routes to. Setting this is useful for e.g. policy routing ("ip rule") or virtual routing and forwarding ("ip vrf"). Both numeric table IDs and table names (/etc/rt_tables) can be used. Defaults to "main".
Type: null or string
Default: null
Example: "main"
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-quick.nix>
|
networking.wireguard.enableWhether to enable WireGuard.
Please note that systemd.network.netdevs has more features
and is better maintained. When building new things, it is advised to
use that instead.
Type: boolean
Default: config.networking.wireguard.interfaces != { }
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfacesWireGuard interfaces.
Please note that systemd.network.netdevs has more features
and is better maintained. When building new things, it is advised to
use that instead.
Type: attribute set of (submodule)
Default: { }
Example:
{
wg0 = {
ips = [
"192.168.20.4/24"
];
peers = [
{
allowedIPs = [
"192.168.20.1/32"
];
endpoint = "demo.wireguard.io:12913";
publicKey = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=";
}
];
privateKey = "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=";
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.allowedIPsAsRoutesDetermines whether to add allowed IPs as routes or not.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.fwMarkMark all wireguard packets originating from this interface with the given firewall mark. The firewall mark can be used in firewalls or policy routing to filter the wireguard packets. This can be useful for setup where all traffic goes through the wireguard tunnel, because the wireguard packets need to be routed differently.
Type: null or string
Default: null
Example: "0x6e6978"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.generatePrivateKeyFileAutomatically generate a private key with wg genkey, at the privateKeyFile location.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.interfaceNamespaceThe pre-existing network namespace the WireGuard
interface is moved to. The special value init means
the init namespace. When null, the interface is not
moved.
See documentation.
Type: null or string
Default: null
Example: "init"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.ipsThe IP addresses of the interface.
Type: list of string
Default: [ ]
Example:
[ "192.168.2.1/24" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.listenPort16-bit port for listening. Optional; if not specified, automatically generated based on interface name.
Type: null or signed integer
Default: null
Example: 51820
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.mtuSet the maximum transmission unit in bytes for the wireguard interface. Beware that the wireguard packets have a header that may add up to 80 bytes to the mtu. By default, the MTU is (1500 - 80) = 1420. However, if the MTU of the upstream network is lower, the MTU of the wireguard network has to be adjusted as well.
Type: null or signed integer
Default: null
Example: 1280
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peersPeers linked to the interface.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.allowedIPsList of IP (v4 or v6) addresses with CIDR masks from which this peer is allowed to send incoming traffic and to which outgoing traffic for this peer is directed. The catch-all 0.0.0.0/0 may be specified for matching all IPv4 addresses, and ::/0 may be specified for matching all IPv6 addresses.
Type: list of string
Example:
[ "10.192.122.3/32" "10.192.124.1/24" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshRestartSecondsWhen the dynamic endpoint refresh that is configured via dynamicEndpointRefreshSeconds exits (likely due to a failure), restart that service after this many seconds.
If set to null the value of
networking.wireguard.dynamicEndpointRefreshSeconds
will be used as the default.
Type: null or unsigned integer, meaning >=0
Default: null
Example: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.dynamicEndpointRefreshSecondsPeriodically re-execute the wg utility every
this many seconds in order to let WireGuard notice DNS / hostname
changes.
Setting this to 0 disables periodic reexecution.
Type: signed integer
Default: 0
Example: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.endpointEndpoint IP or hostname of the peer, followed by a colon, and then a port number of the peer.
Warning for endpoints with changing IPs:
The WireGuard kernel side cannot perform DNS resolution.
Thus DNS resolution is done once by the wg userspace
utility, when setting up WireGuard. Consequently, if the IP address
behind the name changes, WireGuard will not notice.
This is especially common for dynamic-DNS setups, but also applies to
any other DNS-based setup.
If you do not use IP endpoints, you likely want to set
networking.wireguard.dynamicEndpointRefreshSeconds
to refresh the IPs periodically.
Type: null or string
Default: null
Example: "demo.wireguard.io:12913"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.persistentKeepaliveThis is optional and is by default off, because most users will not need it. It represents, in seconds, between 1 and 65535 inclusive, how often to send an authenticated empty packet to the peer, for the purpose of keeping a stateful firewall or NAT mapping valid persistently. For example, if the interface very rarely sends traffic, but it might at anytime receive traffic from a peer, and it is behind NAT, the interface might benefit from having a persistent keepalive interval of 25 seconds; however, most users will not need this.
Type: null or signed integer
Default: null
Example: 25
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.presharedKeyBase64 preshared key generated by wg genpsk. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
Warning: Consider using presharedKeyFile instead if you do not want to store the key in the world-readable Nix store.
Type: null or string
Default: null
Example: "rVXs/Ni9tu3oDBLS4hOyAUAa1qTWVA3loR8eL20os3I="
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.presharedKeyFileFile pointing to preshared key as generated by wg genpsk. Optional, and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance.
Type: null or string
Default: null
Example: "/private/wireguard_psk"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.peers.*.publicKeyThe base64 public key of the peer.
Type: string
Example: "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.postSetupCommands called at the end of the interface setup.
Type: strings concatenated with "\n" or (list of string) convertible to it
Default: ""
Example:
''printf "nameserver 10.200.100.1" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0''
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.postShutdownCommands called after shutting down the interface.
Type: strings concatenated with "\n" or (list of string) convertible to it
Default: ""
Example: "${pkgs.openresolv}/bin/resolvconf -d wg0"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.preSetupCommands called at the start of the interface setup.
Type: strings concatenated with "\n" or (list of string) convertible to it
Default: ""
Example: "${pkgs.iproute2}/bin/ip netns add foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.privateKeyBase64 private key generated by wg genkey.
Warning: Consider using privateKeyFile instead if you do not want to store the key in the world-readable Nix store.
Type: null or string
Default: null
Example: "yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk="
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.privateKeyFilePrivate key file as generated by wg genkey.
Type: null or string
Default: null
Example: "/private/wireguard_key"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.socketNamespaceThe pre-existing network namespace in which the
WireGuard interface is created, and which retains the socket even if the
interface is moved via interfaceNamespace. When
null, the interface is created in the init namespace.
See documentation.
Type: null or string
Default: null
Example: "container"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireguard.interfaces.<name>.tableThe kernel routing table to add this interface's associated routes to. Setting this is useful for e.g. policy routing ("ip rule") or virtual routing and forwarding ("ip vrf"). Both numeric table IDs and table names (/etc/rt_tables) can be used. Defaults to "main".
Type: string
Default: "main"
Declared by:
<nixpkgs/nixos/modules/services/networking/wireguard.nix>
|
networking.wireless.enableWhether to enable wpa_supplicant.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.allowAuxiliaryImperativeNetworksWhether to allow configuring networks "imperatively" (e.g. via
wpa_supplicant_gui) and declaratively via
networking.wireless.networks.
Please note that this adds a custom patch to wpa_supplicant.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.athUserRegulatoryDomainIf enabled, sets the ATH_USER_REGD kernel config switch to true to disable the enforcement of EEPROM regulatory restrictions for ath drivers. Requires at least Linux 5.8.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/network/ath-user-regd.nix>
|
networking.wireless.dbusControlledWhether to enable the DBus control interface. This is only needed when using NetworkManager or connman.
Type: boolean
Default: length config.networking.wireless.interfaces < 2
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.driverForce a specific wpa_supplicant driver.
Type: string
Default: "nl80211,wext"
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.environmentFileFile consisting of lines of the form varname=value
to define variables for the wireless configuration.
See section "EnvironmentFile=" in systemd.exec(5) for a syntax reference.
Secrets (PSKs, passwords, etc.) can be provided without adding them to
the world-readable Nix store by defining them in the environment file and
referring to them in option networking.wireless.networks
with the syntax @varname@. Example:
# content of /run/secrets/wireless.env PSK_HOME=mypassword PASS_WORK=myworkpassword
# wireless-related configuration
networking.wireless.environmentFile = "/run/secrets/wireless.env";
networking.wireless.networks = {
home.psk = "@PSK_HOME@";
work.auth = ''
eap=PEAP
identity="my-user@example.com"
password="@PASS_WORK@"
'';
};
Type: null or path
Default: null
Example: "/run/secrets/wireless.env"
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.extraConfigExtra lines appended to the configuration file. See wpa_supplicant.conf(5) for available options.
Type: string
Default: ""
Example:
'' p2p_disabled=1 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.fallbackToWPA2Whether to fall back to WPA2 authentication protocols if WPA3 failed. This allows old wireless cards (that lack recent features required by WPA3) to connect to mixed WPA2/WPA3 access points.
To avoid possible downgrade attacks, disable this options.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.interfacesThe interfaces wpa_supplicant will use. If empty, it will automatically use all wireless interfaces.
A separate wpa_supplicant instance will be started for each interface.
Type: list of string
Default: [ ]
Example:
[ "wlan0" "wlan1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.iwd.enableWhether to enable iwd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/iwd.nix>
|
networking.wireless.iwd.packageThe iwd package to use.
Type: package
Default: pkgs.iwd
Declared by:
<nixpkgs/nixos/modules/services/networking/iwd.nix>
|
networking.wireless.iwd.settingsOptions passed to iwd. See here for supported options.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Example:
{
Network = {
EnableIPv6 = true;
RoutePriorityOffset = 300;
};
Settings = {
AutoConnect = true;
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/iwd.nix>
|
networking.wireless.networksThe network definitions to automatically connect to when wpa_supplicant is running. If this parameter is left empty wpa_supplicant will use /etc/wpa_supplicant.conf as the configuration file.
Type: attribute set of (submodule)
Default: { }
Example:
{ echelon = { # SSID with no spaces or special characters
psk = "abcdefgh"; # (password will be written to /nix/store!)
};
echelon = { # safe version of the above: read PSK from the
psk = "@PSK_ECHELON@"; # variable PSK_ECHELON, defined in environmentFile,
}; # this won't leak into /nix/store
"echelon's AP" = { # SSID with spaces and/or special characters
psk = "ijklmnop"; # (password will be written to /nix/store!)
};
"free.wifi" = {}; # Public wireless network
}
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.authUse this option to configure advanced authentication methods like EAP. See wpa_supplicant.conf(5) for example configurations.
Be aware that this will be written to the nix store in plaintext! Use an environment variable for secrets.
Mutually exclusive with psk and
pskRaw.
Type: null or string
Default: null
Example:
'' eap=PEAP identity="user@example.com" password="@EXAMPLE_PASSWORD@" ''
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.authProtocolsThe list of authentication protocols accepted by this network.
This corresponds to the key_mgmt option in wpa_supplicant.
Type: list of (one of "WPA-PSK", "WPA-EAP", "IEEE8021X", "NONE", "WPA-NONE", "FT-PSK", "FT-EAP", "FT-EAP-SHA384", "WPA-PSK-SHA256", "WPA-EAP-SHA256", "SAE", "FT-SAE", "WPA-EAP-SUITE-B", "WPA-EAP-SUITE-B-192", "OSEN", "FILS-SHA256", "FILS-SHA384", "FT-FILS-SHA256", "FT-FILS-SHA384", "OWE", "DPP")
Default:
[ "WPA-PSK" "WPA-EAP" "SAE" "FT-PSK" "FT-EAP" "FT-SAE" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.extraConfigExtra configuration lines appended to the network block. See wpa_supplicant.conf(5) for available options.
Type: string
Default: ""
Example:
'' bssid_blacklist=02:11:22:33:44:55 02:22:aa:44:55:66 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.hiddenSet this to true if the SSID of the network is hidden.
Type: boolean
Default: false
Example:
{ echelon = {
hidden = true;
psk = "abcdefgh";
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.priorityBy default, all networks will get same priority group (0). If some of the networks are more desirable, this field can be used to change the order in which wpa_supplicant goes through the networks when selecting a BSS. The priority groups will be iterated in decreasing priority (i.e., the larger the priority value, the sooner the network is matched against the scan results). Within each priority group, networks will be selected based on security policy, signal strength, etc.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.pskThe network's pre-shared key in plaintext defaulting to being a network without any authentication.
Be aware that this will be written to the nix store in plaintext! Use an environment variable instead.
Mutually exclusive with pskRaw.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.networks.<name>.pskRawThe network's pre-shared key in hex defaulting to being a network without any authentication.
Be aware that this will be written to the nix store in plaintext! Use an environment variable instead.
Mutually exclusive with psk.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.scanOnLowSignalWhether to periodically scan for (better) networks when the signal of the current one is low. This will make roaming between access points faster, but will consume more power.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.userControlled.enableAllow normal users to control wpa_supplicant through wpa_gui or wpa_cli. This is useful for laptop users that switch networks a lot and don't want to depend on a large package such as NetworkManager just to pick nearby access points.
When using a declarative network specification you cannot persist any settings via wpa_gui or wpa_cli.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wireless.userControlled.groupMembers of this group can control wpa_supplicant.
Type: string
Default: "wheel"
Example: "network"
Declared by:
<nixpkgs/nixos/modules/services/networking/wpa_supplicant.nix>
|
networking.wlanInterfacesCreating multiple WLAN interfaces on top of one physical WLAN device (NIC).
The name of the WLAN interface corresponds to the name of the attribute.
A NIC is referenced by the persistent device name of the WLAN interface that
udev assigns to a NIC by default.
If a NIC supports multiple WLAN interfaces, then the one NIC can be used as
device for multiple WLAN interfaces.
If a NIC is used for creating WLAN interfaces, then the default WLAN interface
with a persistent device name form udev is not created.
A WLAN interface with the persistent name assigned from udev
would have to be created explicitly.
Type: attribute set of (submodule)
Default: { }
Example:
{
wlan-station0 = {
device = "wlp6s0";
};
wlan-adhoc0 = {
type = "ibss";
device = "wlp6s0";
mac = "02:00:00:00:00:01";
};
wlan-p2p0 = {
device = "wlp6s0";
mac = "02:00:00:00:00:02";
};
wlan-ap0 = {
device = "wlp6s0";
mac = "02:00:00:00:00:03";
};
}
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.deviceThe name of the underlying hardware WLAN device as assigned by udev.
Type: string
Example: "wlp6s0"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.flagsFlags for interface of type monitor.
Type: null or one of "none", "fcsfail", "control", "otherbss", "cook", "active"
Default: null
Example: "control"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.fourAddrWhether to enable 4-address mode with type managed.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.macMAC address to use for the device. If null, then the MAC of the
underlying hardware WLAN device is used.
INFO: Locally administered MAC addresses are of the form:
x2:xx:xx:xx:xx:xx
x6:xx:xx:xx:xx:xx
xA:xx:xx:xx:xx:xx
xE:xx:xx:xx:xx:xx
Type: null or string
Default: null
Example: "02:00:00:00:00:01"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.meshIDMeshID of interface with type mesh.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
networking.wlanInterfaces.<name>.typeThe type of the WLAN interface. The type has to be supported by the underlying hardware of the device.
Type: one of "managed", "ibss", "monitor", "mesh", "wds"
Default: "managed"
Example: "ibss"
Declared by:
<nixpkgs/nixos/modules/tasks/network-interfaces.nix>
|
nix.enableWhether to enable Nix. Disabling Nix makes the system hard to modify and the Nix programs and configuration will not be made available by NixOS itself.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.packageThis option specifies the Nix package instance to use throughout the system.
Type: package
Default: pkgs.nix
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.buildMachinesThis option lists the machines to be used if distributed builds are
enabled (see nix.distributedBuilds).
Nix will perform derivations on those machines via SSH by copying the
inputs to the Nix store on the remote machine, starting the build,
then copying the output back to the local Nix store.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.buildMachines.*.hostNameThe hostname of the build machine.
Type: string
Example: "nixbuilder.example.org"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.buildMachines.*.mandatoryFeaturesA list of features mandatory for this builder. The builder will
be ignored for derivations that don't require all features in
this list. All mandatory features are automatically included in
supportedFeatures.
Type: list of string
Default: [ ]
Example:
[ "big-parallel" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.buildMachines.*.maxJobsThe number of concurrent jobs the build machine supports. The build machine will enforce its own limits, but this allows hydra to schedule better since there is no work-stealing between build machines.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.buildMachines.*.protocolThe protocol used for communicating with the build machine.
Use ssh-ng if your remote builder and your
local Nix version support that improved protocol.
Use null when trying to change the special localhost builder
without a protocol which is for example used by hydra.
Type: one of <null>, "ssh", "ssh-ng"
Default: "ssh"
Example: "ssh-ng"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.buildMachines.*.publicHostKeyThe (base64-encoded) public host key of this builder. The field is calculated via base64 -w0 /etc/ssh/ssh_host_type_key.pub. If null, SSH will use its regular known-hosts file when connecting.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.buildMachines.*.speedFactorThe relative speed of this builder. This is an arbitrary integer that indicates the speed of this builder, relative to other builders. Higher is faster.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.buildMachines.*.sshKeyThe path to the SSH private key with which to authenticate on the build machine. The private key must not have a passphrase. If null, the building user (root on NixOS machines) must have an appropriate ssh configuration to log in non-interactively.
Note that for security reasons, this path must point to a file in the local filesystem, not to the nix store.
Type: null or string
Default: null
Example: "/root/.ssh/id_buildhost_builduser"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.buildMachines.*.sshUserThe username to log in as on the remote host. This user must be
able to log in and run nix commands non-interactively. It must
also be privileged to build derivations, so must be included in
nix.settings.trusted-users.
Type: null or string
Default: null
Example: "builder"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.buildMachines.*.supportedFeaturesA list of features supported by this builder. The builder will be ignored for derivations that require features not in this list.
Type: list of string
Default: [ ]
Example:
[ "kvm" "big-parallel" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.buildMachines.*.systemThe system type the build machine can execute derivations on.
Either this attribute or systems must be
present, where system takes precedence if
both are set.
Type: null or string
Default: null
Example: "x86_64-linux"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.buildMachines.*.systemsThe system types the build machine can execute derivations on.
Either this attribute or system must be
present, where system takes precedence if
both are set.
Type: list of string
Default: [ ]
Example:
[ "x86_64-linux" "aarch64-linux" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.checkAllErrorsIf enabled, checks the nix.conf parsing for any kind of error. When disabled, checks only for unknown settings.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.checkConfigIf enabled, checks that Nix can parse the generated nix.conf.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.daemonCPUSchedPolicyNix daemon process CPU scheduling policy. This policy propagates to
build processes. other is the default scheduling
policy for regular tasks. The batch policy is
similar to other, but optimised for
non-interactive tasks. idle is for extremely
low-priority tasks that should only be run when no other task
requires CPU time.
Please note that while using the idle policy may
greatly improve responsiveness of a system performing expensive
builds, it may also slow down and potentially starve crucial
configuration updates during load.
idle may therefore be a sensible policy for
systems that experience only intermittent phases of high CPU load,
such as desktop or portable computers used interactively. Other
systems should use the other or
batch policy instead.
For more fine-grained resource control, please refer to
systemd.resource-control(5) and adjust
systemd.services.nix-daemon directly.
Type: one of "other", "batch", "idle"
Default: "other"
Example: "batch"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.daemonIOSchedClassNix daemon process I/O scheduling class. This class propagates to
build processes. best-effort is the default
class for regular tasks. The idle class is for
extremely low-priority tasks that should only perform I/O when no
other task does.
Please note that while using the idle scheduling
class can improve responsiveness of a system performing expensive
builds, it might also slow down or starve crucial configuration
updates during load.
idle may therefore be a sensible class for
systems that experience only intermittent phases of high I/O load,
such as desktop or portable computers used interactively. Other
systems should use the best-effort class.
Type: one of "best-effort", "idle"
Default: "best-effort"
Example: "idle"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.daemonIOSchedPriorityNix daemon process I/O scheduling priority. This priority propagates to build processes. The supported priorities depend on the scheduling policy: With idle, priorities are not used in scheduling decisions. best-effort supports values in the range 0 (high) to 7 (low).
Type: signed integer
Default: 4
Example: 1
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.distributedBuildsWhether to distribute builds to the machines listed in
nix.buildMachines.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.extraOptionsAdditional text appended to nix.conf.
Type: strings concatenated with "\n"
Default: ""
Example:
'' keep-outputs = true keep-derivations = true ''
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.gc.automaticAutomatically run the garbage collector at a specific time.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
|
nix.gc.datesHow often or when garbage collection is performed. For most desktop and server systems a sufficient garbage collection is once a week.
The format is described in systemd.time(7).
Type: string
Default: "03:15"
Example: "weekly"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
|
nix.gc.optionsOptions given to nix-collect-garbage when the
garbage collector is run automatically.
Type: string
Default: ""
Example: "--max-freed $((64 * 1024**3))"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
|
nix.gc.persistentTakes a boolean argument. If true, the time when the service unit was last triggered is stored on disk. When the timer is activated, the service unit is triggered immediately if it would have been triggered at least once during the time when the timer was inactive. Such triggering is nonetheless subject to the delay imposed by RandomizedDelaySec=. This is useful to catch up on missed runs of the service when the system was powered down.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
|
nix.gc.randomizedDelaySecAdd a randomized delay before each garbage collection. The delay will be chosen between zero and this value. This value must be a time span in the format specified by systemd.time(7)
Type: string
Default: "0"
Example: "45min"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-gc.nix>
|
nix.nixPathThe default Nix expression search path, used by the Nix
evaluator to look up paths enclosed in angle brackets
(e.g. <nixpkgs>).
Type: list of string
Default:
[ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" "nixos-config=/etc/nixos/configuration.nix" "/nix/var/nix/profiles/per-user/root/channels" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.nrBuildUsersNumber of nixbld user accounts created to
perform secure concurrent builds. If you receive an error
message saying that “all build users are currently in use”,
you should increase this value.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.optimise.automaticAutomatically run the nix store optimiser at a specific time.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-optimise.nix>
|
nix.optimise.datesSpecification (in the format described by systemd.time(7)) of the time at which the optimiser will run.
Type: list of string
Default:
[ "03:45" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-optimise.nix>
|
nix.registryA system-wide flake registry.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.registry.<name>.exactWhether the from reference needs to match exactly. If set,
a from reference like nixpkgs does not
match with a reference like nixpkgs/nixos-20.03.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.registry.<name>.flakeThe flake input from is rewritten to.
Type: null or (attribute set)
Default: null
Example: nixpkgs
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.registry.<name>.fromThe flake reference to be rewritten.
Type: attribute set of (string or signed integer or boolean or path or package)
Example:
{
id = "nixpkgs";
type = "indirect";
}Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.registry.<name>.toThe flake reference from is rewritten to.
Type: attribute set of (string or signed integer or boolean or path or package)
Example:
{
owner = "my-org";
repo = "my-nixpkgs";
type = "github";
}Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.settingsConfiguration for Nix, see https://nixos.org/manual/nix/stable/#sec-conf-file or nix.conf(5) for available options. The value declared here will be translated directly to the key-value pairs Nix expects.
You can use nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.nix.settings to view the current value. By default it is empty.
Nix configurations defined under nix.* will be translated and applied to this
option. In addition, configuration specified in nix.extraOptions which will be appended
verbatim to the resulting config file.
Type: attribute set of (Nix config atom (null, bool, int, float, str, path or package) or list of (Nix config atom (null, bool, int, float, str, path or package)))
Default: { }
Example:
{
use-sandbox = true;
show-trace = true;
system-features = [ "big-parallel" "kvm" "recursive-nix" ];
sandbox-paths = { "/bin/sh" = "${pkgs.busybox-sandbox-shell.out}/bin/busybox"; };
}
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.settings.allowed-usersA list of names of users (separated by whitespace) that are
allowed to connect to the Nix daemon. As with
nix.settings.trusted-users, you can specify groups by
prefixing them with @. Also, you can
allow all users by specifying *. The
default is *. Note that trusted users are
always allowed to connect.
Type: list of string
Default:
[ "*" ]
Example:
[ "@wheel" "@builders" "alice" "bob" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.settings.auto-optimise-storeIf set to true, Nix automatically detects files in the store that have identical contents, and replaces them with hard links to a single copy. This saves disk space. If set to false (the default), you can still run nix-store --optimise to get rid of duplicate files.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.settings.coresThis option defines the maximum number of concurrent tasks during one build. It affects, e.g., -j option for make. The special value 0 means that the builder should use all available CPU cores in the system. Some builds may become non-deterministic with this option; use with care! Packages will only be affected if enableParallelBuilding is set for them.
Type: signed integer
Default: 0
Example: 64
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.settings.extra-sandbox-pathsDirectories from the host filesystem to be included in the sandbox.
Type: list of string
Default: [ ]
Example:
[ "/dev" "/proc" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.settings.max-jobsThis option defines the maximum number of jobs that Nix will try to build in parallel. The default is auto, which means it will use all available logical cores. It is recommend to set it to the total number of logical cores in your system (e.g., 16 for two CPUs with 4 cores each and hyper-threading).
Type: signed integer or value "auto" (singular enum)
Default: "auto"
Example: 64
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.settings.require-sigsIf enabled (the default), Nix will only download binaries from binary caches if
they are cryptographically signed with any of the keys listed in
nix.settings.trusted-public-keys. If disabled, signatures are neither
required nor checked, so it's strongly recommended that you use only
trustworthy caches and https to prevent man-in-the-middle attacks.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.settings.sandboxIf set, Nix will perform builds in a sandboxed environment that it will set up automatically for each build. This prevents impurities in builds by disallowing access to dependencies outside of the Nix store by using network and mount namespaces in a chroot environment. This is enabled by default even though it has a possible performance impact due to the initial setup time of a sandbox for each build. It doesn't affect derivation hashes, so changing this option will not trigger a rebuild of packages.
Type: boolean or value "relaxed" (singular enum)
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.settings.substitutersList of binary cache URLs used to obtain pre-built binaries of Nix packages.
By default https://cache.nixos.org/ is added.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.settings.system-featuresThe set of features supported by the machine. Derivations
can express dependencies on system features through the
requiredSystemFeatures attribute.
By default, pseudo-features nixos-test, benchmark,
and big-parallel used in Nixpkgs are set, kvm
is also included in it is available.
Type: list of string
Example:
[ "kvm" "big-parallel" "gccarch-skylake" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.settings.trusted-public-keysList of public keys used to sign binary caches. If
nix.settings.trusted-public-keys is enabled,
then Nix will use a binary from a binary cache if and only
if it is signed by any of the keys
listed here. By default, only the key for
cache.nixos.org is included.
Type: list of string
Example:
[ "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.settings.trusted-substitutersList of binary cache URLs that non-root users can use (in
addition to those specified using
nix.settings.substituters) by passing
--option binary-caches to Nix commands.
Type: list of string
Default: [ ]
Example:
[ "https://hydra.nixos.org/" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.settings.trusted-usersA list of names of users that have additional rights when
connecting to the Nix daemon, such as the ability to specify
additional binary caches, or to import unsigned NARs. You
can also specify groups by prefixing them with
@; for instance,
@wheel means all users in the wheel
group.
Type: list of string
Default:
[ "root" ]
Example:
[ "root" "alice" "@wheel" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-daemon.nix>
|
nix.sshServe.enableWhether to enable serving the Nix store as a remote store via SSH.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
|
nix.sshServe.keysA list of SSH public keys allowed to access the binary cache via SSH.
Type: list of string
Default: [ ]
Example:
[ "ssh-dss AAAAB3NzaC1k... alice@example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
|
nix.sshServe.protocolThe specific Nix-over-SSH protocol to use.
Type: one of "ssh", "ssh-ng"
Default: "ssh"
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
|
nix.sshServe.writeWhether to enable writing to the Nix store as a remote store via SSH. Note: the sshServe user is named nix-ssh and is not a trusted-user. nix-ssh should be added to the nix.settings.trusted-users option in most use cases, such as allowing remote building of derivations.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nix-ssh-serve.nix>
|
nixops.enableDeprecatedAutoLuksWhether to enable Enable the deprecated NixOps AutoLuks module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/misc/nixops-autoluks.nix>
|
nixpkgs.buildPlatformSpecifies the platform on which NixOS should be built. By default, NixOS is built on the system where it runs, but you can change where it's built. Setting this option will cause NixOS to be cross-compiled.
For instance, if you're doing distributed multi-platform deployment, or if you're building machines, you can set this to match your development system and/or build farm.
Ignored when nixpkgs.pkgs is set.
Type: string or (attribute set)
Default: config.nixpkgs.hostPlatform
Example:
{
config = "x86_64-unknown-linux-gnu";
system = "x86_64-linux";
}Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.configThe configuration of the Nix Packages collection. (For details, see the Nixpkgs documentation.) It allows you to set package configuration options.
Ignored when nixpkgs.pkgs is set.
Type: nixpkgs config
Default: { }
Example:
{ allowBroken = true; allowUnfree = true; }
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.crossSystemSystems with a recently generated hardware-configuration.nix
may instead specify only nixpkgs.buildPlatform,
or fall back to removing the nixpkgs.hostPlatform line from the generated config.
Specifies the platform for which NixOS should be
built. Specify this only if it is different from
nixpkgs.localSystem, the platform
on which NixOS should be built. In other
words, specify this to cross-compile NixOS. Otherwise it
should be set as null, the default. See its description in the
Nixpkgs manual for more details.
Ignored when nixpkgs.pkgs or hostPlatform is set.
Type: null or (attribute set)
Default: null
Example:
{
config = "aarch64-unknown-linux-gnu";
system = "aarch64-linux";
}Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.hostPlatformSpecifies the platform where the NixOS configuration will run.
To cross-compile, set also nixpkgs.buildPlatform.
Ignored when nixpkgs.pkgs is set.
Type: string or (attribute set)
Example:
{
config = "aarch64-unknown-linux-gnu";
system = "aarch64-linux";
}Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.localSystemSystems with a recently generated hardware-configuration.nix
do not need to specify this option, unless cross-compiling, in which case
you should set only nixpkgs.buildPlatform.
If this is somehow not feasible, you may fall back to removing the
nixpkgs.hostPlatform line from the generated config and
use the old options.
Specifies the platform on which NixOS should be built. When
nixpkgs.crossSystem is unset, it also specifies
the platform for which NixOS should be
built. If this option is unset, it defaults to the platform
type of the machine where evaluation happens. Specifying this
option is useful when doing distributed multi-platform
deployment, or when building virtual machines. See its
description in the Nixpkgs manual for more details.
Ignored when nixpkgs.pkgs or hostPlatform is set.
Type: attribute set
Default: (import "${nixos}/../lib").lib.systems.examples.aarch64-multiplatform
Example:
{
config = "aarch64-unknown-linux-gnu";
system = "aarch64-linux";
}Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.overlaysList of overlays to use with the Nix Packages collection. (For details, see the Nixpkgs documentation.) It allows you to override packages globally. Each function in the list takes as an argument the original Nixpkgs. The first argument should be used for finding dependencies, and the second should be used for overriding recipes.
If nixpkgs.pkgs is set, overlays specified here
will be applied after the overlays that were already present
in nixpkgs.pkgs.
Type: list of (nixpkgs overlay)
Default: [ ]
Example:
[
(self: super: {
openssh = super.openssh.override {
hpnSupport = true;
kerberos = self.libkrb5;
};
})
]
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.pkgsIf set, the pkgs argument to all NixOS modules is the value of
this option, extended with nixpkgs.overlays, if
that is also set. Either nixpkgs.crossSystem or
nixpkgs.localSystem will be used in an assertion
to check that the NixOS and Nixpkgs architectures match. Any
other options in nixpkgs.*, notably config,
will be ignored.
If unset, the pkgs argument to all NixOS modules is determined as shown in the default value for this option.
The default value imports the Nixpkgs source files
relative to the location of this NixOS module, because
NixOS and Nixpkgs are distributed together for consistency,
so the nixos in the default value is in fact a
relative path. The config, overlays,
localSystem, and crossSystem come
from this option's siblings.
This option can be used by applications like NixOps to increase
the performance of evaluation, or to create packages that depend
on a container that should be built with the exact same evaluation
of Nixpkgs, for example. Applications like this should set
their default value using lib.mkDefault, so
user-provided configuration can override it without using
lib.
Note that using a distinct version of Nixpkgs with NixOS may be an unexpected source of problems. Use this option with care.
Type: An evaluation of Nixpkgs; the top level attribute set of packages
Example: import <nixpkgs> {}
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
nixpkgs.systemThis option does not need to be specified for NixOS configurations
with a recently generated hardware-configuration.nix.
Specifies the Nix platform type on which NixOS should be built.
It is better to specify nixpkgs.localSystem instead.
{
nixpkgs.system = ..;
}
is the same as
{
nixpkgs.localSystem.system = ..;
}
See nixpkgs.localSystem for more information.
Ignored when nixpkgs.pkgs, nixpkgs.localSystem or nixpkgs.hostPlatform is set.
Type: string
Default: Traditionally builtins.currentSystem, but unset when invoking NixOS through lib.nixosSystem.
Example: "i686-linux"
Declared by:
<nixpkgs/nixos/modules/misc/nixpkgs.nix>
|
openstack.zfs.datasetsDatasets to create under the tank and boot zpools.
NOTE: This option is used only at image creation time, and does not attempt to declaratively create or manage datasets on an existing system.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/openstack-options.nix>
|
openstack.zfs.datasets.<name>.mountWhere to mount this dataset.
Type: null or Concatenated string
Default: null
Declared by:
<nixpkgs/nixos/modules/virtualisation/openstack-options.nix>
|
openstack.zfs.datasets.<name>.propertiesProperties to set on this dataset.
Type: attribute set of Concatenated string
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/openstack-options.nix>
|
power.ups.enableEnables support for Power Devices, such as Uninterruptible Power Supplies, Power Distribution Units and Solar Controllers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.maxStartDelayThis can be set as a global variable above your first UPS definition and it can also be set in a UPS section. This value controls how long upsdrvctl will wait for the driver to finish starting. This keeps your system from getting stuck due to a broken driver or UPS.
Type: signed integer
Default: 45
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.modeThe MODE determines which part of the NUT is to be started, and which configuration files must be modified.
The values of MODE can be:
none: NUT is not configured, or use the Integrated Power Management, or use some external system to startup NUT components. So nothing is to be started.
standalone: This mode address a local only configuration, with 1 UPS protecting the local system. This implies to start the 3 NUT layers (driver, upsd and upsmon) and the matching configuration files. This mode can also address UPS redundancy.
netserver: same as for the standalone configuration, but also need some more ACLs and possibly a specific LISTEN directive in upsd.conf. Since this MODE is opened to the network, a special care should be applied to security concerns.
netclient: this mode only requires upsmon.
Type: string
Default: "standalone"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.schedulerRulesFile which contains the rules to handle UPS events.
Type: string
Example: "/etc/nixos/upssched.conf"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.upsThis is where you configure all the UPSes that this system will be monitoring directly. These are usually attached to serial ports, but USB devices are also supported.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.descriptionDescription of the UPS.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.directivesList of configuration directives for this UPS.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.driverSpecify the program to run to talk to this UPS. apcsmart, bestups, and sec are some examples.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.maxStartDelayThis can be set as a global variable above your first UPS definition and it can also be set in a UPS section. This value controls how long upsdrvctl will wait for the driver to finish starting. This keeps your system from getting stuck due to a broken driver or UPS.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.portThe serial port to which your UPS is connected. /dev/ttyS0 is usually the first port on Linux boxes, for example.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.shutdownOrderWhen you have multiple UPSes on your system, you usually need to turn them off in a certain order. upsdrvctl shuts down all the 0s, then the 1s, 2s, and so on. To exclude a UPS from the shutdown sequence, set this to -1.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
power.ups.ups.<name>.summaryLines which would be added inside ups.conf for handling this UPS.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/ups.nix>
|
powerManagement.enableWhether to enable power management. This includes support for suspend-to-RAM and powersave features on laptops.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
|
powerManagement.cpuFreqGovernorConfigure the governor used to regulate the frequency of the available CPUs. By default, the kernel configures the performance governor, although this may be overwritten in your hardware-configuration.nix file.
Often used values: "ondemand", "powersave", "performance"
Type: null or string
Default: null
Example: "ondemand"
Declared by:
<nixpkgs/nixos/modules/tasks/cpu-freq.nix>
|
powerManagement.cpufreq.maxThe maximum frequency the CPU will use. Defaults to the maximum possible.
Type: null or unsigned integer, meaning >=0
Default: null
Example: 2200000
Declared by:
<nixpkgs/nixos/modules/tasks/cpu-freq.nix>
|
powerManagement.cpufreq.minThe minimum frequency the CPU will use.
Type: null or unsigned integer, meaning >=0
Default: null
Example: 800000
Declared by:
<nixpkgs/nixos/modules/tasks/cpu-freq.nix>
|
powerManagement.powerDownCommandsCommands executed when the machine powers down. That is, they're executed both when the system shuts down and when it goes to suspend or hibernation.
Type: strings concatenated with "\n"
Default: ""
Example:
"${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
|
powerManagement.powerUpCommandsCommands executed when the machine powers up. That is, they're executed both when the system first boots and when it resumes from suspend or hibernation.
Type: strings concatenated with "\n"
Default: ""
Example:
"${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
|
powerManagement.powertop.enableWhether to enable powertop auto tuning on startup.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/tasks/powertop.nix>
|
powerManagement.resumeCommandsCommands executed after the system resumes from suspend-to-RAM.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/power-management.nix>
|
powerManagement.scsiLinkPolicySCSI link power management policy. The kernel default is "max_performance".
"med_power_with_dipm" is supported by kernel versions 4.15 and newer.
Type: null or one of "min_power", "max_performance", "medium_power", "med_power_with_dipm"
Default: null
Declared by:
<nixpkgs/nixos/modules/tasks/scsi-link-power-management.nix>
|
programs._1password.enableWhether to enable the 1Password CLI tool.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/_1password.nix>
|
programs._1password.packageThe 1Password CLI package to use.
Type: package
Default: pkgs._1password
Declared by:
<nixpkgs/nixos/modules/programs/_1password.nix>
|
programs._1password-gui.enableWhether to enable the 1Password GUI application.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/_1password-gui.nix>
|
programs._1password-gui.packageThe 1Password GUI package to use.
Type: package
Default: pkgs._1password-gui
Declared by:
<nixpkgs/nixos/modules/programs/_1password-gui.nix>
|
programs._1password-gui.polkitPolicyOwnersA list of users who should be able to integrate 1Password with polkit-based authentication mechanisms.
Type: list of string
Default: [ ]
Example: ["user1" "user2" "user3"]
Declared by:
<nixpkgs/nixos/modules/programs/_1password-gui.nix>
|
programs.adb.enableWhether to configure system to use Android Debug Bridge (adb).
To grant access to a user, it must be part of adbusers group:
users.users.alice.extraGroups = ["adbusers"];
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/adb.nix>
|
programs.appgate-sdp.enableWhether to enable AppGate SDP VPN client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/appgate-sdp.nix>
|
programs.atop.enableWhether to enable Atop.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.packageWhich package to use for Atop.
Type: package
Default: pkgs.atop
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.atopRotateTimer.enableWhether to enable the atop-rotate timer, which restarts the atop service daily to make sure the data files are rotate.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.atopService.enableWhether to enable the atop service responsible for storing statistics for long-term analysis.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.atopacctService.enableWhether to enable the atopacct service which manages process accounting. This allows Atop to gather data about processes that disappeared in between two refresh intervals.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.atopgpu.enableWhether to install and enable the atopgpud daemon to get information about NVIDIA gpus.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.netatop.enableWhether to install and enable the netatop kernel module. Note: this sets the kernel taint flag "O" for loading out-of-tree modules.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.netatop.packageWhich package to use for netatop.
Type: package
Default: config.boot.kernelPackages.netatop
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.settingsParameters to be written to /etc/atoprc.
Type: attribute set
Default: { }
Example:
{
flags = "a1f";
interval = 5;
}Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.atop.setuidWrapper.enableWhether to install a setuid wrapper for Atop. This is required to use some of the features as non-root user (e.g.: ipc information, netatop, atopgpu). Atop tries to drop the root privileges shortly after starting.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/atop.nix>
|
programs.ausweisapp.enableWhether to enable AusweisApp2.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/ausweisapp.nix>
|
programs.ausweisapp.openFirewallWhether to open the required firewall ports for the Smartphone as Card Reader (SaC) functionality of AusweisApp2.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/ausweisapp.nix>
|
programs.autojump.enableWhether to enable autojump.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/autojump.nix>
|
programs.bandwhich.enableWhether to add bandwhich to the global environment and configure a setcap wrapper for it.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/bandwhich.nix>
|
programs.bash.enableCompletionWhether to enable Bash completion for all interactive bash shells.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash-completion.nix>
|
programs.bash.enableLsColorsWhether to enable extra colors in directory listings.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/bash/ls-colors.nix>
|
programs.bash.blesh.enableWhether to enable blesh.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/bash/blesh.nix>
|
programs.bash.interactiveShellInitShell script code called during interactive bash shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.loginShellInitShell script code called during login bash shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.promptInitShell script code used to initialise the bash prompt.
Type: strings concatenated with "\n"
Default:
''
# Provide a nice prompt if the terminal supports it.
if [ "$TERM" != "dumb" ] || [ -n "$INSIDE_EMACS" ]; then
PROMPT_COLOR="1;31m"
((UID)) && PROMPT_COLOR="1;32m"
if [ -n "$INSIDE_EMACS" ] || [ "$TERM" = "eterm" ] || [ "$TERM" = "eterm-color" ]; then
# Emacs term mode doesn't support xterm title escape sequence (\e]0;)
PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] "
else
PS1="\n\[\033[$PROMPT_COLOR\][\[\e]0;\u@\h: \w\a\]\u@\h:\w]\\$\[\033[0m\] "
fi
if test "$TERM" = "xterm"; then
PS1="\[\033]2;\h:\u:\w\007\]$PS1"
fi
fi
''Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.shellAliasesSet of aliases for bash shell, which overrides environment.shellAliases.
See environment.shellAliases for an option format description.
Type: attribute set of (null or string or path)
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.shellInitShell script code called during bash shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/bash/bash.nix>
|
programs.bash.undistractMe.enableWhether to enable notifications when long-running terminal commands complete.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/bash/undistract-me.nix>
|
programs.bash.undistractMe.playSoundWhether to enable notification sounds when long-running terminal commands complete.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/bash/undistract-me.nix>
|
programs.bash.undistractMe.timeoutNumber of seconds it would take for a command to be considered long-running.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/programs/bash/undistract-me.nix>
|
programs.bash.vteIntegrationWhether to enable Bash integration for VTE terminals. This allows it to preserve the current directory of the shell across terminals.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/vte.nix>
|
programs.bash-my-aws.enableWhether to enable bash-my-aws.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/bash-my-aws.nix>
|
programs.bcc.enableWhether to enable bcc.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/bcc.nix>
|
programs.browserpass.enableWhether to enable Browserpass native messaging host.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/browserpass.nix>
|
programs.calls.enableWhether to enable Whether to enable GNOME calls: a phone dialer and call handler. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/calls.nix>
|
programs.captive-browser.enableWhether to enable captive browser.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
|
programs.captive-browser.packageWhich package to use for captive-browser
Type: package
Default: pkgs.captive-browser
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
|
programs.captive-browser.bindInterfaceBinds captive-browser to the network interface declared in
cfg.interface. This can be used to avoid collisions
with private subnets.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
|
programs.captive-browser.browserThe shell (/bin/sh) command executed once the proxy starts. When browser exits, the proxy exits. An extra env var PROXY is available.
Here, we use a separate Chrome instance in Incognito mode, so that it can run (and be waited for) alongside the default one, and that it maintains no state across runs. To configure this browser open a normal window in it, settings will be preserved.
@volth: chromium is to open a plain HTTP (not HTTPS nor redirect to HTTPS!) website. upstream uses http://example.com but I have seen captive portals whose DNS server resolves "example.com" to 127.0.0.1
Type: string
Default: env XDG_CONFIG_HOME="$PREV_CONFIG_HOME" ${pkgs.chromium}/bin/chromium --user-data-dir=${XDG_DATA_HOME:-$HOME/.local/share}/chromium-captive --proxy-server="socks5://$PROXY" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost" --no-first-run --new-window --incognito -no-default-browser-check http://cache.nixos.org/
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
|
programs.captive-browser.dhcp-dnsThe shell (/bin/sh) command executed to obtain the DHCP DNS server address. The first match of an IPv4 regex is used. IPv4 only, because let's be real, it's a captive portal.
Type: string
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
|
programs.captive-browser.interfaceyour public network interface (wlp3s0, wlan0, eth0, ...)
Type: string
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
|
programs.captive-browser.socks5-addrthe listen address for the SOCKS5 proxy server
Type: string
Default: "localhost:1666"
Declared by:
<nixpkgs/nixos/modules/programs/captive-browser.nix>
|
programs.ccache.enableWhether to enable CCache.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/ccache.nix>
|
programs.ccache.packageNamesNix top-level packages to be compiled using CCache
Type: list of string
Default: [ ]
Example:
[ "wxGTK30" "ffmpeg" "libav_all" ]
Declared by:
<nixpkgs/nixos/modules/programs/ccache.nix>
|
programs.ccache.cacheDirCCache directory
Type: path
Default: "/var/cache/ccache"
Declared by:
<nixpkgs/nixos/modules/programs/ccache.nix>
|
programs.cdemu.enablecdemu for members of
programs.cdemu.group.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/cdemu.nix>
|
programs.cdemu.groupGroup that users must be in to use cdemu.
Type: string
Default: "cdrom"
Declared by:
<nixpkgs/nixos/modules/programs/cdemu.nix>
|
programs.cdemu.guiWhether to install the cdemu GUI (gCDEmu).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/cdemu.nix>
|
programs.cdemu.image-analyzerWhether to install the image analyzer.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/cdemu.nix>
|
programs.cfs-zen-tweaks.enableWhether to enable CFS Zen Tweaks.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/cfs-zen-tweaks.nix>
|
programs.chromium.enableWhether to enable chromium policies.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.defaultSearchProviderEnabledEnable the default search provider.
Type: null or boolean
Default: null
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.defaultSearchProviderSearchURLChromium default search provider url.
Type: null or string
Default: null
Example: "https://encrypted.google.com/search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}"
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.defaultSearchProviderSuggestURLChromium default search provider url for suggestions.
Type: null or string
Default: null
Example: "https://encrypted.google.com/complete/search?output=chrome&q={searchTerms}"
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.extensionsList of chromium extensions to install. For list of plugins ids see id in url of extensions on chrome web store page. To install a chromium extension not included in the chrome web store, append to the extension id a semicolon ";" followed by a URL pointing to an Update Manifest XML file. See ExtensionInstallForcelist for additional details.
Type: list of string
Default: [ ]
Example:
[ "chlffgpmiacpedhhbkiomidkjlcfhogd" # pushbullet "mbniclmhobmnbdlbpiphghaielnnpgdp" # lightshot "gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin ]
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.extraOptsExtra chromium policy options. A list of available policies can be found in the Chrome Enterprise documentation: https://cloud.google.com/docs/chrome-enterprise/policies/ Make sure the selected policy is supported on Linux and your browser version.
Type: attribute set
Default: { }
Example:
{
"BrowserSignin" = 0;
"SyncDisabled" = true;
"PasswordManagerEnabled" = false;
"SpellcheckEnabled" = true;
"SpellcheckLanguage" = [
"de"
"en-US"
];
}
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.chromium.homepageLocationChromium default homepage
Type: null or string
Default: null
Example: "https://nixos.org"
Declared by:
<nixpkgs/nixos/modules/programs/chromium.nix>
|
programs.cnping.enableWhether to enable Whether to install a setcap wrapper for cnping.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/cnping.nix>
|
programs.command-not-found.enableWhether interactive shells should show which Nix package (if any) provides a missing command.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/command-not-found/command-not-found.nix>
|
programs.command-not-found.dbPathAbsolute path to programs.sqlite.
By default this file will be provided by your channel (nixexprs.tar.xz).
Type: path
Default: "/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite"
Declared by:
<nixpkgs/nixos/modules/programs/command-not-found/command-not-found.nix>
|
programs.corectrl.enableWhether to enable A tool to overclock amd graphics cards and processors. Add your user to the corectrl group to run corectrl without needing to enter your password .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/corectrl.nix>
|
programs.corectrl.gpuOverclock.enableWhether to enable true .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/corectrl.nix>
|
programs.corectrl.gpuOverclock.ppfeaturemaskSets the amdgpu.ppfeaturemask kernel option.
In particular, it is used here to set the overdrive bit.
Default is 0xfffd7fff as it is less likely to cause flicker issues.
Setting it to 0xffffffff enables all features.
Type: string
Default: "0xfffd7fff"
Example: "0xffffffff"
Declared by:
<nixpkgs/nixos/modules/hardware/corectrl.nix>
|
programs.criu.enableInstall criu along with necessary kernel options.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/criu.nix>
|
programs.dconf.enableWhether to enable dconf.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/dconf.nix>
|
programs.dconf.packagesA list of packages which provide dconf profiles and databases in /etc/dconf.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/programs/dconf.nix>
|
programs.digitalbitbox.enableInstalls the Digital Bitbox application and enables the complementary hardware module.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/digitalbitbox/default.nix>
|
programs.digitalbitbox.packageThe Digital Bitbox package to use. This can be used to install a package with udev rules that differ from the defaults.
Type: package
Default: pkgs.digitalbitbox
Declared by:
<nixpkgs/nixos/modules/programs/digitalbitbox/default.nix>
|
programs.dmrconfig.enableWhether to configure system to enable use of dmrconfig. This enables the required udev rules and installs the program.
Type: boolean
Default: false
Related packages:
Declared by:
<nixpkgs/nixos/modules/programs/dmrconfig.nix>
|
programs.dmrconfig.packagedmrconfig derivation to use
Type: package
Default: pkgs.dmrconfig
Declared by:
<nixpkgs/nixos/modules/programs/dmrconfig.nix>
|
programs.droidcam.enableWhether to enable DroidCam client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/droidcam.nix>
|
programs.evince.enableWhether to enable Evince, the GNOME document viewer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/evince.nix>
|
programs.evince.packageEvince derivation to use.
Type: package
Default: pkgs.evince
Declared by:
<nixpkgs/nixos/modules/programs/evince.nix>
|
programs.evolution.enableWhether to enable Evolution, a Personal information management application that provides integrated mail, calendaring and address book functionality..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix>
|
programs.evolution.pluginsPlugins for Evolution.
Type: list of package
Default: [ ]
Example: [ pkgs.evolution-ews ]
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix>
|
programs.extra-container.enableWhether to enable extra-container, a tool for running declarative NixOS containers without host system rebuilds .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/extra-container.nix>
|
programs.feedbackd.enableWhether to enable Whether to enable the feedbackd D-BUS service and udev rules.
Your user needs to be in the feedbackd group to trigger effects.
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/feedbackd.nix>
|
programs.feedbackd.packageWhich feedbackd package to use.
Type: package
Default: pkgs.feedbackd
Declared by:
<nixpkgs/nixos/modules/programs/feedbackd.nix>
|
programs.file-roller.enableWhether to enable File Roller, an archive manager for GNOME.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/file-roller.nix>
|
programs.file-roller.packageFile Roller derivation to use.
Type: package
Default: pkgs.gnome.file-roller
Declared by:
<nixpkgs/nixos/modules/programs/file-roller.nix>
|
programs.firefox.enableWhether to enable the Firefox web browser.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.packageFirefox package to use.
Type: package
Default: pkgs.firefox
Related packages:
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.autoConfigAutoConfig files can be used to set and lock preferences that are not covered by the policies.json for Mac and Linux. This method can be used to automatically change user preferences or prevent the end user from modifiying specific preferences by locking them. More info can be found in https://support.mozilla.org/en-US/kb/customizing-firefox-using-autoconfig.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.browserpassWhether to enable Browserpass support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.bukubrowWhether to enable Bukubrow support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.ff2mpvWhether to enable ff2mpv support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.fxCastWhether to enable fx_cast support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.gsconnectWhether to enable GSConnect support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.jabrefWhether to enable JabRef support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.passffWhether to enable PassFF support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.tridactylWhether to enable Tridactyl support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.nativeMessagingHosts.ugetIntegratorWhether to enable Uget Integrator support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.policiesGroup policies to install.
See Mozilla's documentation for a list of available options.
This can be used to install extensions declaratively! Check out the
documentation of the ExtensionSettings policy for details.
When this option is in use, Firefox will inform you that "your browser is managed by your organisation". That message appears because NixOS installs what you have declared here such that it cannot be overridden through the user interface. It does not mean that someone else has been given control of your browser, unless of course they also control your NixOS configuration.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.preferencesPreferences to set from about:config.
Some of these might be able to be configured more ergonomically using policies.
When this option is in use, Firefox will inform you that "your browser is managed by your organisation". That message appears because NixOS installs what you have declared here such that it cannot be overridden through the user interface. It does not mean that someone else has been given control of your browser, unless of course they also control your NixOS configuration.
Type: attribute set of (boolean or signed integer or Concatenated string)
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firefox.preferencesStatusThe status of firefox.preferences.
status can assume the following values:
"default": Preferences appear as default.
"locked": Preferences appear as default and can't be changed.
"user": Preferences appear as changed.
"clear": Value has no effect. Resets to factory defaults on each startup.
Type: one of "default", "locked", "user", "clear"
Default: "locked"
Declared by:
<nixpkgs/nixos/modules/programs/firefox.nix>
|
programs.firejail.enableWhether to enable firejail.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/firejail.nix>
|
programs.firejail.wrappedBinariesWrap the binaries in firejail and place them in the global path.
Type: attribute set of (path or (submodule))
Default: { }
Example:
{
firefox = {
executable = "${lib.getBin pkgs.firefox}/bin/firefox";
profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
};
mpv = {
executable = "${lib.getBin pkgs.mpv}/bin/mpv";
profile = "${pkgs.firejail}/etc/firejail/mpv.profile";
};
}
Declared by:
<nixpkgs/nixos/modules/programs/firejail.nix>
|
programs.fish.enableWhether to configure fish as an interactive shell.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.interactiveShellInitShell script code called during interactive fish shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.loginShellInitShell script code called during fish login shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.promptInitShell script code used to initialise fish prompt.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.shellAbbrsSet of fish abbreviations.
Type: attribute set of string
Default: { }
Example:
{
gco = "git checkout";
npu = "nix-prefetch-url";
}Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.shellAliasesSet of aliases for fish shell, which overrides environment.shellAliases.
See environment.shellAliases for an option format description.
Type: attribute set of (null or string or path)
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.shellInitShell script code called during fish shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.useBabelfishIf enabled, the configured environment will be translated to native fish using babelfish. Otherwise, foreign-env will be used.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.vendor.completions.enableWhether fish should use completion files provided by other packages.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.vendor.config.enableWhether fish should source configuration snippets provided by other packages.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.fish.vendor.functions.enableWhether fish should autoload fish functions provided by other packages.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/fish.nix>
|
programs.flashrom.enableInstalls flashrom and configures udev rules for programmers used by flashrom. Grants access to users in the "flashrom" group.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/flashrom.nix>
|
programs.flashrom.packageThe flashrom package to use.
Type: package
Default: pkgs.flashrom
Declared by:
<nixpkgs/nixos/modules/programs/flashrom.nix>
|
programs.flexoptix-app.enableWhether to enable FLEXOPTIX app + udev rules.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/flexoptix-app.nix>
|
programs.flexoptix-app.packageFLEXOPTIX app package to use
Type: package
Default: pkgs.flexoptix-app
Declared by:
<nixpkgs/nixos/modules/programs/flexoptix-app.nix>
|
programs.fuse.mountMaxSet the maximum number of FUSE mounts allowed to non-root users.
Type: integer between 0 and 32767 (both inclusive)
Default: 1000
Declared by:
<nixpkgs/nixos/modules/programs/fuse.nix>
|
programs.fuse.userAllowOtherAllow non-root users to specify the allow_other or allow_root mount options, see mount.fuse3(8).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/fuse.nix>
|
programs.fzf.fuzzyCompletionWhether to enable fuzzy completion with fzf.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/fzf.nix>
|
programs.fzf.keybindingsWhether to enable fzf keybindings.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/fzf.nix>
|
programs.gamemode.enableWhether to enable GameMode to optimise system performance on demand.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/gamemode.nix>
|
programs.gamemode.enableReniceWhether to enable CAP_SYS_NICE on gamemoded to support lowering process niceness.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/gamemode.nix>
|
programs.gamemode.settingsSystem-wide configuration for GameMode (/etc/gamemode.ini). See gamemoded(8) man page for available settings.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Example:
{
general = {
renice = 10;
};
# Warning: GPU optimisations have the potential to damage hardware
gpu = {
apply_gpu_optimisations = "accept-responsibility";
gpu_device = 0;
amd_performance_level = "high";
};
custom = {
start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
};
}
Declared by:
<nixpkgs/nixos/modules/programs/gamemode.nix>
|
programs.geary.enableWhether to enable Geary, a Mail client for GNOME 3.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/geary.nix>
|
programs.git.enableWhether to enable git.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/git.nix>
|
programs.git.packageThe git package to use
Type: package
Default: pkgs.git
Example: pkgs.gitFull
Declared by:
<nixpkgs/nixos/modules/programs/git.nix>
|
programs.git.configConfiguration to write to /etc/gitconfig. See the CONFIGURATION FILE section of git-config(1) for more information.
Type: attribute set of attribute set of anything
Default: { }
Example:
{
init = {
defaultBranch = "main";
};
url = {
"https://github.com/" = {
insteadOf = [
"gh:"
"github:"
];
};
};
}Declared by:
<nixpkgs/nixos/modules/programs/git.nix>
|
programs.git.lfs.enableWhether to enable git-lfs.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/git.nix>
|
programs.git.lfs.packageThe git-lfs package to use
Type: package
Default: pkgs.git-lfs
Declared by:
<nixpkgs/nixos/modules/programs/git.nix>
|
programs.gnome-disks.enableWhether to enable GNOME Disks daemon, a program designed to be a UDisks2 graphical front-end.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gnome-disks.nix>
|
programs.gnome-documents.enableWhether to enable GNOME Documents, a document manager application for GNOME.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gnome-documents.nix>
|
programs.gnome-terminal.enableWhether to enable GNOME Terminal.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/gnome-terminal.nix>
|
programs.gnupg.packageThe gpg package that should be used.
Type: package
Default: pkgs.gnupg
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gnupg.agent.enableEnables GnuPG agent with socket-activation for every user session.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gnupg.agent.enableBrowserSocketEnable browser socket for GnuPG agent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gnupg.agent.enableExtraSocketEnable extra socket for GnuPG agent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gnupg.agent.enableSSHSupportEnable SSH agent support in GnuPG agent. Also sets SSH_AUTH_SOCK environment variable correctly. This will disable socket-activation and thus always start a GnuPG agent per user session.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gnupg.agent.pinentryFlavorWhich pinentry interface to use. If not null, the path to the pinentry binary will be passed to gpg-agent via commandline and thus overrides the pinentry option in gpg-agent.conf in the user's home directory. If not set at all, it'll pick an appropriate flavor depending on the system configuration (qt flavor for lxqt and plasma5, gtk2 for xfce 4.12, gnome3 on all other systems with X enabled, ncurses otherwise).
Type: null or one of "curses", "tty", "gtk2", "emacs", "gnome3", "qt"
Default: matching the configured desktop environment
Example: "gnome3"
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gnupg.dirmngr.enableEnables GnuPG network certificate management daemon with socket-activation for every user session.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gnupg.nix>
|
programs.gpaste.enableWhether to enable GPaste, a clipboard manager.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gpaste.nix>
|
programs.gphoto2.enableWhether to configure system to use gphoto2.
To grant digital camera access to a user, the user must
be part of the camera group:
users.users.alice.extraGroups = ["camera"];
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/gphoto2.nix>
|
programs.haguichi.enableWhether to enable Haguichi, a Linux GUI frontend to the proprietary LogMeIn Hamachi.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/haguichi.nix>
|
programs.hamster.enableWhether to enable hamster, a time tracking program.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/hamster.nix>
|
programs.htop.enableWhether to enable htop process monitor.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/htop.nix>
|
programs.htop.packageThe htop package that should be used.
Type: package
Default: pkgs.htop
Declared by:
<nixpkgs/nixos/modules/programs/htop.nix>
|
programs.htop.settingsExtra global default configuration for htop which is read on first startup only. Htop subsequently uses ~/.config/htop/htoprc as configuration source.
Type: attribute set of (string or signed integer or boolean or list of (string or signed integer or boolean))
Default: { }
Example:
{
hide_kernel_threads = true;
hide_userland_threads = true;
}Declared by:
<nixpkgs/nixos/modules/programs/htop.nix>
|
programs.iftop.enableWhether to enable iftop + setcap wrapper.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/iftop.nix>
|
programs.iotop.enableWhether to enable iotop + setcap wrapper.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/iotop.nix>
|
programs.java.enableInstall and setup the Java development kit.
This adds JAVA_HOME to the global environment, by sourcing the jdk's setup-hook on shell init. It is equivalent to starting a shell through 'nix-shell -p jdk', or roughly the following system-wide configuration:
environment.variables.JAVA_HOME = ${pkgs.jdk.home}/lib/openjdk;
environment.systemPackages = [ pkgs.jdk ];
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/java.nix>
|
programs.java.packageJava package to install. Typical values are pkgs.jdk or pkgs.jre.
Type: package
Default: pkgs.jdk
Declared by:
<nixpkgs/nixos/modules/programs/java.nix>
|
programs.k3b.enableWhether to enable k3b, the KDE disk burning application.
Additionally to installing k3b enabling this will
add setuid wrappers in /run/wrappers/bin
for both cdrdao and cdrecord. On first
run you must manually configure the path of cdrdae and
cdrecord to correspond to the appropriate paths under
/run/wrappers/bin in the "Setup External Programs" menu.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/k3b.nix>
|
programs.k40-whisperer.enableWhether to enable K40-Whisperer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/k40-whisperer.nix>
|
programs.k40-whisperer.packageK40 Whisperer package to use.
Type: package
Default: pkgs.k40-whisperer
Example: pkgs.k40-whisperer
Declared by:
<nixpkgs/nixos/modules/programs/k40-whisperer.nix>
|
programs.k40-whisperer.groupGroup assigned to the device when connected.
Type: string
Default: "k40"
Declared by:
<nixpkgs/nixos/modules/programs/k40-whisperer.nix>
|
programs.kbdlight.enableWhether to enable kbdlight.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/kbdlight.nix>
|
programs.kclock.enableWhether to enable KClock.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/kclock.nix>
|
programs.kdeconnect.enableWhether to enable kdeconnect.
Note that it will open the TCP and UDP port from
1714 to 1764 as they are needed for it to function properly.
You can use the package to use
gnomeExtensions.gsconnect as an alternative
implementation if you use Gnome.
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/kdeconnect.nix>
|
programs.kdeconnect.packageThe package providing the implementation for kdeconnect.
Type: package
Default: pkgs.plasma5Packages.kdeconnect-kde
Example: pkgs.gnomeExtensions.gsconnect
Declared by:
<nixpkgs/nixos/modules/programs/kdeconnect.nix>
|
programs.less.enableWhether to enable less.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.clearDefaultCommandsClear all default commands. You should remember to set the quit key. Otherwise you will not be able to leave less without killing it.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.commandsDefines new command keys.
Type: attribute set of string
Default: { }
Example:
{
h = "noaction 5\\e(";
l = "noaction 5\\e)";
}Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.configFilePath to lesskey configuration file.
configFile takes precedence over commands,
clearDefaultCommands, lineEditingKeys, and
envVariables.
Type: null or path
Default: null
Example: "${pkgs.my-configs}/lesskey"
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.envVariablesDefines environment variables.
Type: attribute set of string
Default:
{
LESS = "-R";
}Example:
{
LESS = "--quit-if-one-screen";
}Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.lesscloseWhen less closes a file opened in such a way, it will call another program, called the input postprocessor, which may perform any desired clean-up action (such as deleting the replacement file created by LESSOPEN).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.lessopenBefore less opens a file, it first gives your input preprocessor a chance to modify the way the contents of the file are displayed.
Type: null or string
Default: "|${pkgs.lesspipe}/bin/lesspipe.sh %s"
Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.less.lineEditingKeysDefines new line-editing keys.
Type: attribute set of string
Default: { }
Example:
{
e = "abort";
}Declared by:
<nixpkgs/nixos/modules/programs/less.nix>
|
programs.liboping.enableWhether to enable liboping.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/liboping.nix>
|
programs.light.enableWhether to install Light backlight control command and udev rules granting access to members of the "video" group.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/light.nix>
|
programs.mdevctl.enableWhether to enable Mediated Device Management.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/mdevctl.nix>
|
programs.mepo.enableWhether to enable Mepo.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/mepo.nix>
|
programs.mepo.locationBackends.geoclueWhether to enable location detection via geoclue
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/mepo.nix>
|
programs.mepo.locationBackends.gpsdWhether to enable location detection via gpsd. This may require additional configuration of gpsd, see here
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/mepo.nix>
|
programs.mininet.enableWhether to enable Mininet.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/mininet.nix>
|
programs.mosh.enableWhether to enable mosh. Note, this will open ports in your firewall!
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/mosh.nix>
|
programs.mosh.withUtempterWhether to enable libutempter for mosh.
This is required so that mosh can write to /var/run/utmp (which can be queried with who to display currently connected user sessions).
Note, this will add a guid wrapper for the group utmp!
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/mosh.nix>
|
programs.msmtp.enableWhether to enable msmtp - an SMTP client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/msmtp.nix>
|
programs.msmtp.accountsNamed accounts and their respective configurations. The special name "default" allows a default account to be defined. See msmtp(1) for the available options.
Use programs.msmtp.extraConfig instead of this attribute set-based
option if ordered account inheritance is needed.
It is advised to use the passwordeval setting to read the password
from a secret file to avoid having it written in the world-readable
nix store. The password file must end with a newline (\n).
Type: attribute set of (attribute set)
Default: { }
Example:
{
default = {
auth = true;
host = "smtp.example";
passwordeval = "cat /secrets/password.txt";
user = "someone";
};
}Declared by:
<nixpkgs/nixos/modules/programs/msmtp.nix>
|
programs.msmtp.defaultsDefault values applied to all accounts. See msmtp(1) for the available options.
Type: attribute set
Default: { }
Example:
{
aliases = "/etc/aliases";
port = 587;
tls = true;
}Declared by:
<nixpkgs/nixos/modules/programs/msmtp.nix>
|
programs.msmtp.extraConfigExtra lines to add to the msmtp configuration verbatim. See msmtp(1) for the syntax and available options.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/msmtp.nix>
|
programs.msmtp.setSendmailWhether to set the system sendmail to msmtp's.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/msmtp.nix>
|
programs.mtr.enableWhether to add mtr to the global environment and configure a setcap wrapper for it.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/mtr.nix>
|
programs.mtr.packageThe package to use.
Type: package
Default: pkgs.mtr
Declared by:
<nixpkgs/nixos/modules/programs/mtr.nix>
|
programs.nano.nanorcThe system-wide nano configuration. See nanorc(5).
Type: strings concatenated with "\n"
Default: ""
Example:
'' set nowrap set tabstospaces set tabsize 2 ''
Declared by:
<nixpkgs/nixos/modules/programs/nano.nix>
|
programs.nano.syntaxHighlightWhether to enable syntax highlight for various languages.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/nano.nix>
|
programs.nbd.enableWhether to enable Network Block Device (nbd) support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/nbd.nix>
|
programs.neovim.enableWhether to enable Neovim.
When enabled through this option, Neovim is wrapped to use a
configuration managed by this module. The configuration file in the
user's home directory at ~/.config/nvim/init.vim is no longer
loaded by default.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.packageThe package to use for the neovim binary.
Type: package
Default: pkgs.neovim-unwrapped
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.configureGenerate your init file from your list of plugins and custom commands. Neovim will then be wrapped to load nvim -u /nix/store/«hash»-vimrc
Type: attribute set
Default: { }
Example:
{
customRC = ''
" here your custom configuration goes!
'';
packages.myVimPackage = with pkgs.vimPlugins; {
# loaded on launch
start = [ fugitive ];
# manually loadable by calling `:packadd $plugin-name`
opt = [ ];
};
}
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.defaultEditorWhen enabled, installs neovim and configures neovim to be the default editor using the EDITOR environment variable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.runtimeSet of files that have to be linked in runtime.
Type: attribute set of (submodule)
Default: { }
Example:
{ "ftplugin/c.vim".text = "setlocal omnifunc=v:lua.vim.lsp.omnifunc"; }
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.runtime.<name>.enableWhether this /etc file should be generated. This option allows specific /etc files to be disabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.runtime.<name>.sourcePath of the source file.
Type: path
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.runtime.<name>.targetName of symlink. Defaults to the attribute name.
Type: string
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.runtime.<name>.textText of the file.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.viAliasSymlink vi to nvim binary.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.vimAliasSymlink vim to nvim binary.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.withNodeJsEnable Node provider.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.withPython3Enable Python 3 provider.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.neovim.withRubyEnable Ruby provider.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/neovim.nix>
|
programs.nethoscope.enableWhether to add nethoscope to the global environment and configure a setcap wrapper for it.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/nethoscope.nix>
|
programs.nix-ld.enableWhether to enable nix-ld, Documentation: https://github.com/Mic92/nix-ld.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/nix-ld.nix>
|
programs.nm-applet.enableWhether to enable nm-applet.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/nm-applet.nix>
|
programs.nm-applet.indicatorWhether to use indicator instead of status icon. It is needed for Appindicator environments, like Enlightenment.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/nm-applet.nix>
|
programs.nncp.enableWhether to enable NNCP (Node to Node copy) utilities and configuration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/nncp.nix>
|
programs.nncp.packageThe NNCP package to use system-wide.
Type: package
Default: pkgs.nncp
Declared by:
<nixpkgs/nixos/modules/programs/nncp.nix>
|
programs.nncp.groupThe group under which NNCP files shall be owned. Any member of this group may access the secret keys of this NNCP node.
Type: string
Default: "uucp"
Declared by:
<nixpkgs/nixos/modules/programs/nncp.nix>
|
programs.nncp.secretsA list of paths to NNCP configuration files that should not be
in the Nix store. These files are layered on top of the values at
programs.nncp.settings.
Type: list of string
Example:
[ "/run/keys/nncp.hjson" ]
Declared by:
<nixpkgs/nixos/modules/programs/nncp.nix>
|
programs.nncp.settingsNNCP configuration, see
http://www.nncpgo.org/Configuration.html.
At runtime these settings will be overlayed by the contents of
programs.nncp.secrets into the file
/run/nncp.hjson. Node keypairs go in
secrets, do not specify them in
settings as they will be leaked into
/nix/store!
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/nncp.nix>
|
programs.noisetorch.enableWhether to enable noisetorch + setcap wrapper.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/noisetorch.nix>
|
programs.noisetorch.packageThe noisetorch package to use.
Type: package
Default: pkgs.noisetorch
Declared by:
<nixpkgs/nixos/modules/programs/noisetorch.nix>
|
programs.npm.enableWhether to enable npm global config.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/npm.nix>
|
programs.npm.packageThe npm package version / flavor to use
Type: package
Default: pkgs.nodePackages.npm
Example: pkgs.nodePackages_13_x.npm
Declared by:
<nixpkgs/nixos/modules/programs/npm.nix>
|
programs.npm.npmrcThe system-wide npm configuration. See https://docs.npmjs.com/misc/config.
Type: strings concatenated with "\n"
Default:
''
prefix = ''${HOME}/.npm
''Example:
''
prefix = ''${HOME}/.npm
https-proxy=proxy.example.com
init-license=MIT
init-author-url=http://npmjs.org
color=true
''Declared by:
<nixpkgs/nixos/modules/programs/npm.nix>
|
programs.openvpn3.enableWhether to enable the openvpn3 client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/openvpn3.nix>
|
programs.pantheon-tweaks.enableWhether to enable Pantheon Tweaks, an unofficial system settings panel for Pantheon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/pantheon-tweaks.nix>
|
programs.partition-manager.enableWhether to enable KDE Partition Manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/partition-manager.nix>
|
programs.plotinus.enableWhether to enable the Plotinus GTK 3 plugin. Plotinus provides a popup (triggered by Ctrl-Shift-P) to search the menus of a compatible application.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/plotinus.nix>
|
programs.proxychains.enableWhether to enable installing proxychains configuration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.chain.lengthChain length for random chain.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.chain.typedynamic - Each connection will be done via chained proxies
all proxies chained in the order as they appear in the list
at least one proxy must be online to play in chain
(dead proxies are skipped)
otherwise EINTR is returned to the app.
strict - Each connection will be done via chained proxies
all proxies chained in the order as they appear in the list
all proxies must be online to play in chain
otherwise EINTR is returned to the app.
random - Each connection will be done via random proxy
(or proxy chain, see programs.proxychains.chain.length) from the list.
Type: one of "dynamic", "strict", "random"
Default: "strict"
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.localnetBy default enable localnet for loopback address ranges.
Type: string
Default: "127.0.0.0/255.0.0.0"
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.proxiesProxies to be used by proxychains.
Type: attribute set of (submodule)
Example:
{ myproxy =
{ type = "socks4";
host = "127.0.0.1";
port = 1337;
};
}
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.proxies.<name>.enableWhether to enable this proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.proxies.<name>.hostProxy host or IP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.proxies.<name>.portProxy port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.proxies.<name>.typeProxy type.
Type: one of "http", "socks4", "socks5"
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.proxyDNSProxy DNS requests - no leak for DNS data.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.quietModeWhether to enable Quiet mode (no output from the library)..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.remoteDNSSubnetSet the class A subnet number to use for the internal remote DNS mapping, uses the reserved 224.x.x.x range by default.
Type: one of 10, 127, 224
Default: 224
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.tcpConnectTimeOutConnection time-out in milliseconds.
Type: signed integer
Default: 8000
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.proxychains.tcpReadTimeOutConnection read time-out in milliseconds.
Type: signed integer
Default: 15000
Declared by:
<nixpkgs/nixos/modules/programs/proxychains.nix>
|
programs.rog-control-center.enableWhether to enable the rog-control-center application.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/rog-control-center.nix>
|
programs.rog-control-center.autoStartWhether rog-control-center should be started automatically.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/rog-control-center.nix>
|
programs.rust-motd.enableWhether to enable rust-motd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/rust-motd.nix>
|
programs.rust-motd.enableMotdInSSHDWhether to let openssh print the
result when entering a new ssh-session.
By default either nothing or a static file defined via
users.motd is printed. Because of that,
the latter option is incompatible with this module.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/rust-motd.nix>
|
programs.rust-motd.refreshIntervalInterval in which the motd(5) file is refreshed. For possible formats, please refer to systemd.time(7).
Type: string
Default: "*:0/5"
Declared by:
<nixpkgs/nixos/modules/programs/rust-motd.nix>
|
programs.rust-motd.settingsSettings on what to generate. Please read the upstream documentation for further information.
Type: TOML value
Declared by:
<nixpkgs/nixos/modules/programs/rust-motd.nix>
|
programs.screen.screenrcThe contents of /etc/screenrc file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/screen.nix>
|
programs.seahorse.enableWhether to enable Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/seahorse.nix>
|
programs.sedutil.enableWhether to enable sedutil.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/sedutil.nix>
|
programs.singularity.enableWhether to enable Singularity.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/singularity.nix>
|
programs.skim.packageThe skim package to use.
Type: package
Default: pkgs.skim
Declared by:
<nixpkgs/nixos/modules/programs/skim.nix>
|
programs.skim.fuzzyCompletionWhether to enable fuzzy completion with skim.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/skim.nix>
|
programs.skim.keybindingsWhether to enable skim keybindings.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/skim.nix>
|
programs.slock.enableWhether to install slock screen locker with setuid wrapper.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/slock.nix>
|
programs.spacefm.enableWhether to install SpaceFM and create /etc/spacefm/spacefm.conf.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/spacefm.nix>
|
programs.spacefm.settingsThe system-wide spacefm configuration.
Parameters to be written to /etc/spacefm/spacefm.conf.
Refer to the relevant entry in the SpaceFM manual.
Type: attribute set
Default:
{
tmp_dir = "/tmp";
terminal_su = "${pkgs.sudo}/bin/sudo";
}
Declared by:
<nixpkgs/nixos/modules/programs/spacefm.nix>
|
programs.ssh.enableAskPasswordWhether to configure SSH_ASKPASS in the environment.
Type: boolean
Default: config.services.xserver.enable
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.packageThe package used for the openssh client and daemon.
Type: package
Default: pkgs.openssh
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.agentPKCS11WhitelistA pattern-list of acceptable paths for PKCS#11 shared libraries that may be used with the -s option to ssh-add.
Type: null or string
Default: null
Example: "${pkgs.opensc}/lib/opensc-pkcs11.so"
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.agentTimeoutHow long to keep the private keys in memory. Use null to keep them forever.
Type: null or string
Default: null
Example: "1h"
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.askPasswordProgram used by SSH to ask for passwords.
Type: string
Default: "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass"
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.ciphersSpecifies the ciphers allowed and their order of preference.
Type: null or (list of string)
Default: null
Example:
[ "chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com" ]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.extraConfigExtra configuration text prepended to ssh_config. Other generated
options will be added after a Host * pattern.
See ssh_config(5)
for help.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.forwardX11Whether to request X11 forwarding on outgoing connections by default. This is useful for running graphical programs on the remote machine and have them display to your local X11 server. Historically, this value has depended on the value used by the local sshd daemon, but there really isn't a relation between the two. Note: there are some security risks to forwarding an X11 connection. NixOS's X server is built with the SECURITY extension, which prevents some obvious attacks. To enable or disable forwarding on a per-connection basis, see the -X and -x options to ssh. The -Y option to ssh enables trusted forwarding, which bypasses the SECURITY extension.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.hostKeyAlgorithmsSpecifies the host key algorithms that the client wants to use in order of preference.
Type: list of string
Default: [ ]
Example:
[ "ssh-ed25519" "ssh-rsa" ]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.kexAlgorithmsSpecifies the available KEX (Key Exchange) algorithms.
Type: null or (list of string)
Default: null
Example:
[ "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" ]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHostsThe set of system-wide known SSH hosts. To make simple setups more
convenient the name of an attribute in this set is used as a host name
for the entry. This behaviour can be disabled by setting
hostNames explicitly. You can use
extraHostNames to add additional host names without
disabling this default.
Type: attribute set of (submodule)
Default: { }
Example:
{
myhost = {
extraHostNames = [ "myhost.mydomain.com" "10.10.1.4" ];
publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub;
};
"myhost2.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIRuJ8p1Fi+m6WkHV0KWnRfpM1WxoW8XAS+XvsSKsTK";
"myhost2.net/dsa" = {
hostNames = [ "myhost2.net" ];
publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub;
};
}
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHosts.<name>.certAuthorityThis public key is an SSH certificate authority, rather than an individual host's key.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHosts.<name>.extraHostNamesA list of additional host names and/or IP numbers used for
accessing the host's ssh service. This list is ignored if
hostNames is set explicitly.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHosts.<name>.hostNamesA list of host names and/or IP numbers used for accessing
the host's ssh service. This list includes the name of the
containing knownHosts attribute by default
for convenience. If you wish to configure multiple host keys
for the same host use multiple knownHosts
entries with different attribute names and the same
hostNames list.
Type: list of string
Default: [ ‹name› ] ++ config.programs.ssh.knownHosts.<name>.extraHostNames
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHosts.<name>.publicKeyThe public key data for the host. You can fetch a public key from a running SSH server with the ssh-keyscan command. The public key should not include any host names, only the key type and the key itself.
Type: null or string
Default: null
Example: "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg=="
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHosts.<name>.publicKeyFileThe path to the public key file for the host. The public
key file is read at build time and saved in the Nix store.
You can fetch a public key file from a running SSH server
with the ssh-keyscan command. The content
of the file should follow the same format as described for
the publicKey option. Only a single key
is supported. If a host has multiple keys, use
programs.ssh.knownHostsFiles instead.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.knownHostsFilesFiles containing SSH host keys to set as global known hosts.
/etc/ssh/ssh_known_hosts (which is
generated by programs.ssh.knownHosts) and
/etc/ssh/ssh_known_hosts2 are always
included.
Type: list of path
Default: [ ]
Example:
[
./known_hosts
(writeText "github.keys" ''
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
'')
]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.macsSpecifies the MAC (message authentication code) algorithms in order of preference. The MAC algorithm is used for data integrity protection.
Type: null or (list of string)
Default: null
Example:
[ "hmac-sha2-512-etm@openssh.com" "hmac-sha1" ]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.pubkeyAcceptedKeyTypesSpecifies the key types that will be used for public key authentication.
Type: list of string
Default: [ ]
Example:
[ "ssh-ed25519" "ssh-rsa" ]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.setXAuthLocationWhether to set the path to xauth for X11-forwarded connections. This causes a dependency on X11 packages.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.ssh.startAgentWhether to start the OpenSSH agent when you log in. The OpenSSH agent remembers private keys for you so that you don't have to type in passphrases every time you make an SSH connection. Use ssh-add to add a key to the agent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
programs.starship.enableWhether to enable the Starship shell prompt.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/starship.nix>
|
programs.starship.settingsConfiguration included in starship.toml.
See https://starship.rs/config/#prompt for documentation.
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/starship.nix>
|
programs.steam.enableWhether to enable steam.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.steam.packagesteam package to use.
Type: package
Default:
pkgs.steam.override {
extraLibraries = pkgs: with config.hardware.opengl;
if pkgs.hostPlatform.is64bit
then [ package ] ++ extraPackages
else [ package32 ] ++ extraPackages32;
}
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.steam.dedicatedServer.openFirewallOpen ports in the firewall for Source Dedicated Server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.steam.remotePlay.openFirewallOpen ports in the firewall for Steam Remote Play.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/steam.nix>
|
programs.streamdeck-ui.enableWhether to enable streamdeck-ui.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/streamdeck-ui.nix>
|
programs.streamdeck-ui.packageThe streamdeck-ui package to use.
Type: package
Default: pkgs.streamdeck-ui
Declared by:
<nixpkgs/nixos/modules/programs/streamdeck-ui.nix>
|
programs.streamdeck-ui.autoStartWhether streamdeck-ui should be started automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/streamdeck-ui.nix>
|
programs.sway.enableWhether to enable Sway, the i3-compatible tiling Wayland compositor. You can manually launch Sway by executing "exec sway" on a TTY. Copy /etc/sway/config to ~/.config/sway/config to modify the default configuration. See https://github.com/swaywm/sway/wiki and "man 5 sway" for more information.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/sway.nix>
|
programs.sway.extraOptionsCommand line arguments passed to launch Sway. Please DO NOT report issues if you use an unsupported GPU (proprietary drivers).
Type: list of string
Default: [ ]
Example:
[ "--verbose" "--debug" "--unsupported-gpu" ]
Declared by:
<nixpkgs/nixos/modules/programs/sway.nix>
|
programs.sway.extraPackagesExtra packages to be installed system wide. See https://github.com/swaywm/sway/wiki/Useful-add-ons-for-sway and https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives for a list of useful software.
Type: list of package
Default:
with pkgs; [ swaylock swayidle foot dmenu ];
Example:
with pkgs; [ i3status i3status-rust termite rofi light ]
Declared by:
<nixpkgs/nixos/modules/programs/sway.nix>
|
programs.sway.extraSessionCommandsShell commands executed just before Sway is started. See https://github.com/swaywm/sway/wiki/Running-programs-natively-under-wayland and https://github.com/swaywm/wlroots/blob/master/docs/env_vars.md for some useful environment variables.
Type: strings concatenated with "\n"
Default: ""
Example:
'' # SDL: export SDL_VIDEODRIVER=wayland # QT (needs qt5.qtwayland in systemPackages): export QT_QPA_PLATFORM=wayland-egl export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" # Fix for some Java AWT applications (e.g. Android Studio), # use this if they aren't displayed properly: export _JAVA_AWT_WM_NONREPARENTING=1 ''
Declared by:
<nixpkgs/nixos/modules/programs/sway.nix>
|
programs.sway.wrapperFeaturesAttribute set of features to enable in the wrapper.
Type: submodule
Default: { }
Example:
{
gtk = true;
}Declared by:
<nixpkgs/nixos/modules/programs/sway.nix>
|
programs.sway.wrapperFeatures.baseWhether to make use of the base wrapper to execute extra session commands and prepend a dbus-run-session to the sway command.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/programs/sway.nix>
|
programs.sway.wrapperFeatures.gtkWhether to make use of the wrapGAppsHook wrapper to execute sway with required environment variables for GTK applications.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/sway.nix>
|
programs.sysdig.enableWhether to enable sysdig.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/sysdig.nix>
|
programs.system-config-printer.enableWhether to enable system-config-printer, a Graphical user interface for CUPS administration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/system-config-printer.nix>
|
programs.systemtap.enableInstall systemtap along with necessary kernel options.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/systemtap.nix>
|
programs.thefuck.enableWhether to enable thefuck.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/thefuck.nix>
|
programs.thefuck.aliasthefuck needs an alias to be configured.
The default value is fuck, but you can use anything else as well.
Type: string
Default: "fuck"
Declared by:
<nixpkgs/nixos/modules/programs/thefuck.nix>
|
programs.thunar.enableWhether to enable Thunar, the Xfce file manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/thunar.nix>
|
programs.thunar.pluginsList of thunar plugins to install.
Type: list of package
Default: [ ]
Example: with pkgs.xfce; [ thunar-archive-plugin thunar-volman ]
Declared by:
<nixpkgs/nixos/modules/programs/thunar.nix>
|
programs.tmux.enableWhenever to configure tmux system-wide.
Type: boolean
Default: false
Related packages:
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.aggressiveResizeResize the window to the size of the smallest session for which it is the current window.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.baseIndexBase index for windows and panes.
Type: signed integer
Default: 0
Example: 1
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.clock24Use 24 hour clock.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.customPaneNavigationAndResizeOverride the hjkl and HJKL bindings for pane navigation and resizing in VI mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.escapeTimeTime in milliseconds for which tmux waits after an escape is input.
Type: signed integer
Default: 500
Example: 0
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.extraConfigAdditional contents of /etc/tmux.conf
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.historyLimitMaximum number of lines held in window history.
Type: signed integer
Default: 2000
Example: 5000
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.keyModeVI or Emacs style shortcuts.
Type: one of "emacs", "vi"
Default: "emacs"
Example: "vi"
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.newSessionAutomatically spawn a session if trying to attach and none are running.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.pluginsList of plugins to install.
Type: list of package
Default: [ ]
Example: [ pkgs.tmuxPlugins.nord ]
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.resizeAmountNumber of lines/columns when resizing.
Type: signed integer
Default: 5
Example: 10
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.reverseSplitReverse the window split shortcuts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.secureSocketStore tmux socket under /run, which is more secure than /tmp, but as a downside it doesn't survive user logout.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.shortcutCtrl following by this key is used as the main shortcut.
Type: string
Default: "b"
Example: "a"
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.terminalSet the $TERM variable.
Type: string
Default: "screen"
Example: "screen-256color"
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.tmux.withUtempterWhether to enable libutempter for tmux.
This is required so that tmux can write to /var/run/utmp (which can be queried with who to display currently connected user sessions).
Note, this will add a guid wrapper for the group utmp!
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/tmux.nix>
|
programs.traceroute.enableWhether to configure a setcap wrapper for traceroute.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/traceroute.nix>
|
programs.tsmClient.enableWhether to enable IBM Spectrum Protect (Tivoli Storage Manager, TSM) client command line applications with a client system-options file "dsm.sys" .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.packageThe TSM client derivation to be
added to the system environment.
It will be used with .override
to add paths to the client system-options file.
Type: package
Default: pkgs.tsm-client
Example: pkgs.tsm-client-withGui
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.defaultServernameIf multiple server stanzas are declared with
programs.tsmClient.servers,
this option may be used to name a default
server stanza that IBM TSM uses in the absence of
a user-defined dsm.opt file.
This option translates to a
defaultserver configuration line.
Type: null or string matching the pattern .{1,64}
Default: null
Example: "mainTsmServer"
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.dsmSysTextThis configuration key contains the effective text of the client system-options file "dsm.sys". It should not be changed, but may be used to feed the configuration into other TSM-depending packages used on the system.
Type: strings concatenated with "\n" (read only)
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.serversServer definitions ("stanzas") for the client system-options file.
Type: attribute set of (submodule)
Default: { }
Example:
{
mainTsmServer = {
extraConfig = {
compression = "yes";
};
node = "MY-TSM-NODE";
server = "tsmserver.company.com";
};
}Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.servers.<name>.extraConfigAdditional key-value pairs for the server stanza.
Values must be strings, or null
for the key not to be used in the stanza
(e.g. to overrule values generated by other options).
Type: attribute set of (null or string)
Default: { }
Example:
{
compression = "yes";
passwordaccess = null;
}Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.servers.<name>.genPasswdWhether to enable automatic client password generation.
This option influences the
passwordaccess
directive in dsm.sys.
The password will be stored in the directory
given by the option passwdDir.
Caution:
If this option is enabled and the server forces
to renew the password (e.g. on first connection),
a random password will be generated and stored
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.servers.<name>.includeExcludeinclude.* and
exclude.* directives to be
used when sending files to the IBM TSM server.
The lines will be written into a file that the
inclexcl
directive in dsm.sys points to.
Type: strings concatenated with "\n"
Default: ""
Example:
'' exclude.dir /nix/store include.encrypt /home/.../* ''
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.servers.<name>.nameLocal name of the IBM TSM server,
must be uncapitalized and no longer than 64 chars.
The value will be used for the
server
directive in dsm.sys.
Type: string matching the pattern .{1,64}
Example: "mainTsmServer"
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.servers.<name>.nodeTarget node name on the IBM TSM server.
The value will be used for the
nodename
directive in dsm.sys.
Type: non-empty string
Example: "MY-TSM-NODE"
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.servers.<name>.passwdDirDirectory that holds the TSM
node's password information.
The value will be used for the
passworddir
directive in dsm.sys.
Type: path
Example: "/home/alice/tsm-password"
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.servers.<name>.portTCP port of the IBM TSM server.
The value will be used for the
tcpport
directive in dsm.sys.
TSM does not support ports above 32767.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1500
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.servers.<name>.serverHost/domain name or IP address of the IBM TSM server.
The value will be used for the
tcpserveraddress
directive in dsm.sys.
Type: non-empty string
Example: "tsmserver.company.com"
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.servers.<name>.textAdditional text lines for the server stanza.
This option can be used if certion configuration keys
must be used multiple times or ordered in a certain way
as the extraConfig option can't
control the order of lines in the resulting stanza.
Note that the server
line at the beginning of the stanza is
not part of this option's value.
Type: strings concatenated with "\n"
Example: lib.modules.mkAfter "compression no"
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.tsmClient.wrappedPackageThe TSM client derivation, wrapped with the path to the client system-options file "dsm.sys". This option is to provide the effective derivation for other modules that want to call TSM executables.
Type: package (read only)
Declared by:
<nixpkgs/nixos/modules/programs/tsm-client.nix>
|
programs.turbovnc.ensureHeadlessSoftwareOpenGLWhether to set up NixOS such that TurboVNC's built-in software OpenGL implementation works.
This will enable hardware.opengl.enable so that OpenGL
programs can find Mesa's llvmpipe drivers.
Setting this option to false does not mean that software
OpenGL won't work; it may still work depending on your system
configuration.
This option is also intended to generate warnings if you are using some configuration that's incompatible with using headless software OpenGL in TurboVNC.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/turbovnc.nix>
|
programs.udevil.enableWhether to enable udevil.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/udevil.nix>
|
programs.usbtop.enableWhether to enable usbtop and required kernel module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/usbtop.nix>
|
programs.vim.packagevim package to use.
Type: package
Default: pkgs.vim
Example: pkgs.vim-full
Declared by:
<nixpkgs/nixos/modules/programs/vim.nix>
|
programs.vim.defaultEditorWhen enabled, installs vim and configures vim to be the default editor using the EDITOR environment variable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/vim.nix>
|
programs.wavemon.enableWhether to add wavemon to the global environment and configure a setcap wrapper for it.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/wavemon.nix>
|
programs.waybar.enableWhether to enable waybar.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/waybar.nix>
|
programs.weylus.enableWhether to enable weylus.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/weylus.nix>
|
programs.weylus.packageWeylus package to install.
Type: package
Default: pkgs.weylus
Declared by:
<nixpkgs/nixos/modules/programs/weylus.nix>
|
programs.weylus.openFirewallOpen ports needed for the functionality of the program.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/weylus.nix>
|
programs.weylus.usersTo enable stylus and multi-touch support, the user you're going to use must be added to this list. These users can synthesize input events system-wide, even when another user is logged in - untrusted users should not be added.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/programs/weylus.nix>
|
programs.wireshark.enableWhether to add Wireshark to the global environment and configure a setcap wrapper for 'dumpcap' for users in the 'wireshark' group.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/wireshark.nix>
|
programs.wireshark.packageWhich Wireshark package to install in the global environment.
Type: package
Default: pkgs.wireshark-cli
Declared by:
<nixpkgs/nixos/modules/programs/wireshark.nix>
|
programs.wshowkeys.enableWhether to enable wshowkeys (displays keypresses on screen on supported Wayland compositors). It requires root permissions to read input events, but these permissions are dropped after startup.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/wshowkeys.nix>
|
programs.xfconf.enableWhether to enable Xfconf, the Xfce configuration storage system.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/xfconf.nix>
|
programs.xfs_quota.projectsSetup of xfs_quota projects. Make sure the filesystem is mounted with the pquota option.
Type: attribute set of (submodule)
Default: { }
Example:
{
projname = {
id = 50;
path = "/xfsprojects/projname";
sizeHardLimit = "50g";
};
}Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xfs_quota.projects.<name>.fileSystemXFS filesystem hosting the xfs_quota project.
Type: string
Default: "/"
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xfs_quota.projects.<name>.idProject ID.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xfs_quota.projects.<name>.pathProject directory.
Type: string
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xfs_quota.projects.<name>.sizeHardLimitHard limit of the project size.
Type: null or string
Default: null
Example: "50g"
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xfs_quota.projects.<name>.sizeSoftLimitSoft limit of the project size
Type: null or string
Default: null
Example: "30g"
Declared by:
<nixpkgs/nixos/modules/programs/xfs_quota.nix>
|
programs.xonsh.enableWhether to configure xonsh as an interactive shell.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/xonsh.nix>
|
programs.xonsh.packagexonsh package to use.
Type: package
Default: pkgs.xonsh
Example: pkgs.xonsh.override { configFile = "/path/to/xonshrc"; }
Declared by:
<nixpkgs/nixos/modules/programs/xonsh.nix>
|
programs.xonsh.configControl file to customize your shell behavior.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/xonsh.nix>
|
programs.xss-lock.enableWhether to enable xss-lock.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/xss-lock.nix>
|
programs.xss-lock.extraOptionsAdditional command-line arguments to pass to xss-lock.
Type: list of string
Default: [ ]
Example:
[ "--ignore-sleep" ]
Declared by:
<nixpkgs/nixos/modules/programs/xss-lock.nix>
|
programs.xss-lock.lockerCommandLocker to be used with xsslock
Type: strings concatenated with " "
Default: "${pkgs.i3lock}/bin/i3lock"
Example: "${pkgs.i3lock-fancy}/bin/i3lock-fancy"
Declared by:
<nixpkgs/nixos/modules/programs/xss-lock.nix>
|
programs.xwayland.enableWhether to enable Xwayland (an X server for interfacing X11 apps with the Wayland protocol).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/xwayland.nix>
|
programs.xwayland.packageThe Xwayland package to use.
Type: path
Default:
pkgs.xwayland.override (oldArgs: {
inherit (config.programs.xwayland) defaultFontPath;
})
Declared by:
<nixpkgs/nixos/modules/programs/xwayland.nix>
|
programs.xwayland.defaultFontPathDefault font path. Setting this option causes Xwayland to be rebuilt.
Type: string
Default:
optionalString config.fonts.fontDir.enable "/run/current-system/sw/share/X11/fonts"
Declared by:
<nixpkgs/nixos/modules/programs/xwayland.nix>
|
programs.yabar.enableWhether to enable yabar.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.packageThe package which contains the yabar binary.
Nixpkgs provides the yabar and yabar-unstable
derivations since 18.03, so it's possible to choose.
Type: package
Default: pkgs.yabar-unstable
Example: pkgs.yabar
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.barsList of bars that should be rendered by yabar.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.extraAn attribute set which contains further attributes of a bar.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.fontThe font that will be used to draw the status bar.
Type: string
Default: "sans bold 9"
Example: "Droid Sans, FontAwesome Bold 9"
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.indicatorsIndicators that should be rendered by yabar.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.indicators.<name>.alignWhether to align the indicator at the left or right of the bar.
Type: one of "left", "center", "right"
Default: "left"
Example: "right"
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.indicators.<name>.execThe type of the indicator to be executed.
Type: string
Example: "YABAR_DATE"
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.indicators.<name>.extraAn attribute set which contains further attributes of a indicator.
Type: attribute set of (string or signed integer)
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.yabar.bars.<name>.positionThe position where the bar will be rendered.
Type: one of "top", "bottom"
Default: "top"
Example: "bottom"
Declared by:
<nixpkgs/nixos/modules/programs/yabar.nix>
|
programs.zmap.enableWhether to enable ZMap.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/zmap.nix>
|
programs.zsh.enableWhether to configure zsh as an interactive shell. To enable zsh for
a particular user, use the users.users.<name?>.shell
option for that user. To enable zsh system-wide use the
users.defaultUserShell option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.enableBashCompletionEnable compatibility with bash's programmable completion system.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.enableCompletionEnable zsh completion for all interactive zsh shells.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.enableGlobalCompInitEnable execution of compinit call for all interactive zsh shells.
This option can be disabled if the user wants to extend its
fpath and a custom compinit
call in the local config is required.
Type: boolean
Default: config.programs.zsh.enableCompletion
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.autosuggestions.enableWhether to enable zsh-autosuggestions.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
|
programs.zsh.autosuggestions.asyncWhether to fetch suggestions asynchronously
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
|
programs.zsh.autosuggestions.extraConfigAttribute set with additional configuration values
Type: attribute set of string
Default: { }
Example:
{
"ZSH_AUTOSUGGEST_BUFFER_MAX_SIZE" = "20";
}
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
|
programs.zsh.autosuggestions.highlightStyleHighlight style for suggestions ({fore,back}ground color)
Type: string
Default: "fg=8"
Example: "fg=cyan"
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
|
programs.zsh.autosuggestions.strategyZSH_AUTOSUGGEST_STRATEGY is an array that specifies how suggestions should be generated.
The strategies in the array are tried successively until a suggestion is found.
There are currently three built-in strategies to choose from:
history: Chooses the most recent match from history.
completion: Chooses a suggestion based on what tab-completion would suggest. (requires zpty module)
match_prev_cmd: Like history, but chooses the most recent match whose preceding history item matches
the most recently executed command. Note that this strategy won't work as expected with ZSH options that
don't preserve the history order such as HIST_IGNORE_ALL_DUPS or HIST_EXPIRE_DUPS_FIRST.
Type: list of (one of "history", "completion", "match_prev_cmd")
Default:
[ "history" ]
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autosuggestions.nix>
|
programs.zsh.histFileChange history file.
Type: string
Default: "$HOME/.zsh_history"
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.histSizeChange history size.
Type: signed integer
Default: 2000
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.interactiveShellInitShell script code called during interactive zsh shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.loginShellInitShell script code called during zsh login shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.ohMyZsh.enableEnable oh-my-zsh.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.packagePackage to install for oh-my-zsh usage.
Type: package
Default: pkgs.oh-my-zsh
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.cacheDirCache directory to be used by oh-my-zsh.
Without this option it would default to the read-only nix store.
Type: string
Default: "$HOME/.cache/oh-my-zsh"
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.customPath to a custom oh-my-zsh package to override config of oh-my-zsh.
(Can't be used along with customPkgs).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.customPkgsList of custom packages that should be loaded into oh-my-zsh.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.pluginsList of oh-my-zsh plugins
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.ohMyZsh.themeName of the theme to be used by oh-my-zsh.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/oh-my-zsh.nix>
|
programs.zsh.promptInitShell script code used to initialise the zsh prompt.
Type: strings concatenated with "\n"
Default:
'' # Note that to manually override this in ~/.zshrc you should run `prompt off` # before setting your PS1 and etc. Otherwise this will likely to interact with # your ~/.zshrc configuration in unexpected ways as the default prompt sets # a lot of different prompt variables. autoload -U promptinit && promptinit && prompt suse && setopt prompt_sp ''
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.setOptionsConfigure zsh options. See zshoptions(1).
Type: list of string
Default:
[ "HIST_IGNORE_DUPS" "SHARE_HISTORY" "HIST_FCNTL_LOCK" ]
Example:
[ "EXTENDED_HISTORY" "RM_STAR_WAIT" ]
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.shellAliasesSet of aliases for zsh shell, which overrides environment.shellAliases.
See environment.shellAliases for an option format description.
Type: attribute set of (null or string or path)
Default: { }
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.shellInitShell script code called during zsh shell initialisation.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh.nix>
|
programs.zsh.syntaxHighlighting.enableWhether to enable zsh-syntax-highlighting.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix>
|
programs.zsh.syntaxHighlighting.highlightersSpecifies the highlighters to be used by zsh-syntax-highlighting.
The following defined options can be found here: https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters.md
Type: list of (one of "main", "brackets", "pattern", "cursor", "root", "line")
Default:
[ "main" ]
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix>
|
programs.zsh.syntaxHighlighting.patternsSpecifies custom patterns to be highlighted by zsh-syntax-highlighting.
Please refer to the docs for more information about the usage: https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters/pattern.md
Type: attribute set of string
Default: { }
Example:
{
"rm -rf *" = "fg=white,bold,bg=red";
}
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix>
|
programs.zsh.syntaxHighlighting.stylesSpecifies custom styles to be highlighted by zsh-syntax-highlighting.
Please refer to the docs for more information about the usage: https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters/main.md
Type: attribute set of string
Default: { }
Example:
{
"alias" = "fg=magenta,bold";
}
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix>
|
programs.zsh.vteIntegrationWhether to enable Zsh integration for VTE terminals. This allows it to preserve the current directory of the shell across terminals.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/vte.nix>
|
programs.zsh.zsh-autoenv.enableWhether to enable zsh-autoenv.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autoenv.nix>
|
programs.zsh.zsh-autoenv.packagePackage to install for zsh-autoenv usage.
Type: package
Default: pkgs.zsh-autoenv
Declared by:
<nixpkgs/nixos/modules/programs/zsh/zsh-autoenv.nix>
|
qt5.enableWhether to enable Qt5 theming configuration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/qt5.nix>
|
qt5.platformThemeSelects the platform theme to use for Qt5 applications.
The options are
gtk: Use GTK theme with qtstyleplugins
gnome: Use GNOME theme with qgnomeplatform
lxqt: Use LXQt style set using the lxqt-config-appearance
application.
qt5ct: Use Qt style set using the qt5ct
application.
kde: Use Qt settings from Plasma.
Type: one of "gtk2", "gnome", "lxqt", "qt5ct", "kde"
Example: "gnome"
Related packages:
Declared by:
<nixpkgs/nixos/modules/config/qt5.nix>
|
qt5.styleSelects the style to use for Qt5 applications.
The options are
adwaita, adwaita-dark: Use Adwaita Qt style with
adwaita
cleanlooks, gtk2, motif, plastique: Use styles from
qtstyleplugins
Type: one of "adwaita", "adwaita-dark", "cleanlooks", "gtk2", "motif", "plastique"
Example: "adwaita"
Related packages:
Declared by:
<nixpkgs/nixos/modules/config/qt5.nix>
|
security.acme.acceptTermsAccept the CA's terms of service. The default provider is Let's Encrypt, you can find their ToS at https://letsencrypt.org/repository/.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certsAttribute set of certificates to get signed and renewed. Creates
acme-${cert}.{service,timer} systemd units for
each certificate defined here. Other services can add dependencies
to those units if they rely on the certificates being present,
or trigger restarts of the service if certificates get renewed.
Type: attribute set of (submodule)
Default: { }
Example:
{
"example.com" = {
webroot = "/var/lib/acme/acme-challenge/";
email = "foo@example.com";
extraDomainNames = [ "www.example.com" "foo.example.com" ];
};
"bar.example.com" = {
webroot = "/var/lib/acme/acme-challenge/";
email = "bar@example.com";
};
}
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.enableDebugLogsWhether to enable debug logging for this certificate.
Type: boolean
Default: config.security.acme.defaults.enableDebugLogs
Example: true
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.credentialsFilePath to an EnvironmentFile for the cert's service containing any required and optional environment variables for your selected dnsProvider. To find out what values you need to set, consult the documentation at https://go-acme.github.io/lego/dns/ for the corresponding dnsProvider.
Type: path
Default: config.security.acme.defaults.credentialsFile
Example: "/var/src/secrets/example.org-route53-api-token"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.directoryDirectory where certificate and other state is stored.
Type: string (read only)
Default: "/var/lib/acme/‹name›"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.dnsPropagationCheckToggles lego DNS propagation check, which is used alongside DNS-01 challenge to ensure the DNS entries required are available.
Type: boolean
Default: config.security.acme.defaults.dnsPropagationCheck
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.dnsProviderDNS Challenge provider. For a list of supported providers, see the "code" field of the DNS providers listed at https://go-acme.github.io/lego/dns/.
Type: null or string
Default: config.security.acme.defaults.dnsProvider
Example: "route53"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.dnsResolverSet the resolver to use for performing recursive DNS queries. Supported: host:port. The default is to use the system resolvers, or Google's DNS resolvers if the system's cannot be determined.
Type: null or string
Default: config.security.acme.defaults.dnsResolver
Example: "1.1.1.1:53"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.domainDomain to fetch certificate for (defaults to the entry name).
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.emailEmail address for account creation and correspondence from the CA. It is recommended to use the same email for all certs to avoid account creation limits.
Type: string
Default: config.security.acme.defaults.email
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.extraDomainNamesA list of extra domain names, which are included in the one certificate to be issued.
Type: list of string
Default: [ ]
Example:
[ "example.org" "mydomain.org" ]
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.extraLegoFlagsAdditional global flags to pass to all lego commands.
Type: list of string
Default: config.security.acme.defaults.extraLegoFlags
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.extraLegoRenewFlagsAdditional flags to pass to lego renew.
Type: list of string
Default: config.security.acme.defaults.extraLegoRenewFlags
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.extraLegoRunFlagsAdditional flags to pass to lego run.
Type: list of string
Default: config.security.acme.defaults.extraLegoRunFlags
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.groupGroup running the ACME client.
Type: string
Default: config.security.acme.defaults.group
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.inheritDefaultsWhether to inherit values set in security.acme.defaults or not.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.keyTypeKey type to use for private keys. For an up to date list of supported values check the --key-type option at https://go-acme.github.io/lego/usage/cli/#usage.
Type: string
Default: config.security.acme.defaults.keyType
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.listenHTTPInterface and port to listen on to solve HTTP challenges in the form [INTERFACE]:PORT. If you use a port other than 80, you must proxy port 80 to this port.
Type: null or string
Default: null
Example: ":1360"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.ocspMustStapleTurns on the OCSP Must-Staple TLS extension. Make sure you know what you're doing! See:
Type: boolean
Default: config.security.acme.defaults.ocspMustStaple
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.postRunCommands to run after new certificates go live. Note that these commands run as the root user.
Executed in the same directory with the new certificate.
Type: strings concatenated with "\n"
Default: config.security.acme.defaults.postRun
Example: "cp full.pem backup.pem"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.reloadServicesThe list of systemd services to call systemctl try-reload-or-restart
on.
Type: list of string
Default: config.security.acme.defaults.reloadServices
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.renewIntervalSystemd calendar expression when to check for renewal. See systemd.time(7).
Type: string
Default: config.security.acme.defaults.renewInterval
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.serverACME Directory Resource URI. Defaults to Let's Encrypt's production endpoint, https://acme-v02.api.letsencrypt.org/directory, if unset.
Type: null or string
Default: config.security.acme.defaults.server
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.validMinDaysMinimum remaining validity before renewal in days.
Type: signed integer
Default: config.security.acme.defaults.validMinDays
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.certs.<name>.webrootWhere the webroot of the HTTP vhost is located.
.well-known/acme-challenge/ directory
will be created below the webroot if it doesn't exist.
http://example.org/.well-known/acme-challenge/ must also
be available (notice unencrypted HTTP).
Type: null or string
Default: config.security.acme.defaults.webroot
Example: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaultsDefault values inheritable by all configured certs. You can use this to define options shared by all your certs. These defaults can also be ignored on a per-cert basis using the `security.acme.certs.${cert}.inheritDefaults' option.
Type: submodule
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.enableDebugLogsWhether to enable debug logging for this certificate.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.credentialsFilePath to an EnvironmentFile for the cert's service containing any required and optional environment variables for your selected dnsProvider. To find out what values you need to set, consult the documentation at https://go-acme.github.io/lego/dns/ for the corresponding dnsProvider.
Type: path
Default: null
Example: "/var/src/secrets/example.org-route53-api-token"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.dnsPropagationCheckToggles lego DNS propagation check, which is used alongside DNS-01 challenge to ensure the DNS entries required are available.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.dnsProviderDNS Challenge provider. For a list of supported providers, see the "code" field of the DNS providers listed at https://go-acme.github.io/lego/dns/.
Type: null or string
Default: null
Example: "route53"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.dnsResolverSet the resolver to use for performing recursive DNS queries. Supported: host:port. The default is to use the system resolvers, or Google's DNS resolvers if the system's cannot be determined.
Type: null or string
Default: null
Example: "1.1.1.1:53"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.emailEmail address for account creation and correspondence from the CA. It is recommended to use the same email for all certs to avoid account creation limits.
Type: string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.extraLegoFlagsAdditional global flags to pass to all lego commands.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.extraLegoRenewFlagsAdditional flags to pass to lego renew.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.extraLegoRunFlagsAdditional flags to pass to lego run.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.groupGroup running the ACME client.
Type: string
Default: "acme"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.keyTypeKey type to use for private keys. For an up to date list of supported values check the --key-type option at https://go-acme.github.io/lego/usage/cli/#usage.
Type: string
Default: "ec256"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.ocspMustStapleTurns on the OCSP Must-Staple TLS extension. Make sure you know what you're doing! See:
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.postRunCommands to run after new certificates go live. Note that these commands run as the root user.
Executed in the same directory with the new certificate.
Type: strings concatenated with "\n"
Default: ""
Example: "cp full.pem backup.pem"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.reloadServicesThe list of systemd services to call systemctl try-reload-or-restart
on.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.renewIntervalSystemd calendar expression when to check for renewal. See systemd.time(7).
Type: string
Default: "daily"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.serverACME Directory Resource URI. Defaults to Let's Encrypt's production endpoint, https://acme-v02.api.letsencrypt.org/directory, if unset.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.validMinDaysMinimum remaining validity before renewal in days.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.defaults.webrootWhere the webroot of the HTTP vhost is located.
.well-known/acme-challenge/ directory
will be created below the webroot if it doesn't exist.
http://example.org/.well-known/acme-challenge/ must also
be available (notice unencrypted HTTP).
Type: null or string
Default: null
Example: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.preliminarySelfsignedWhether a preliminary self-signed certificate should be generated before doing ACME requests. This can be useful when certificates are required in a webserver, but ACME needs the webserver to make its requests.
With preliminary self-signed certificate the webserver can be started and can later reload the correct ACME certificates.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.acme.useRootWhether to use the root user when generating certs. This is not recommended for security + compatibility reasons. If a service requires root owned certificates consider following the guide on "Using ACME with services demanding root owned certificates" in the NixOS manual, and only using this as a fallback or for testing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/acme>
|
security.allowSimultaneousMultithreadingWhether to allow SMT/hyperthreading. Disabling SMT means that only physical CPU cores will be usable at runtime, potentially at significant performance cost.
The primary motivation for disabling SMT is to mitigate the risk of leaking data between threads running on the same CPU core (due to e.g., shared caches). This attack vector is unproven.
Disabling SMT is a supplement to the L1 data cache flushing mitigation
(see security.virtualisation.flushL1DataCache)
versus malicious VM guests (SMT could "bring back" previously flushed
data).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
|
security.allowUserNamespacesWhether to allow creation of user namespaces.
The motivation for disabling user namespaces is the potential presence of code paths where the kernel's permission checking logic fails to account for namespacing, instead permitting a namespaced process to act outside the namespace with the same privileges as it would have inside it. This is particularly damaging in the common case of running as root within the namespace.
When user namespace creation is disallowed, attempting to create a user namespace fails with "no space left on device" (ENOSPC). root may re-enable user namespace creation at runtime.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
|
security.apparmor.enableWhether to enable the AppArmor Mandatory Access Control system.
If you're enabling this module on a running system, note that a reboot will be required to activate AppArmor in the kernel.
Also, beware that enabling this module privileges stability over security by not trying to kill unconfined but newly confinable running processes by default, though it would be needed because AppArmor can only confine new or already confined processes of an executable. This killing would for instance be necessary when upgrading to a NixOS revision introducing for the first time an AppArmor profile for the executable of a running process.
Enable security.apparmor.killUnconfinedConfinables
if you want this service to do such killing
by sending a SIGTERM to those running processes.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.enableCacheWhether to enable caching of AppArmor policies
in /var/cache/apparmor/.
Beware that AppArmor policies almost always contain Nix store paths, and thus produce at each change of these paths a new cached version accumulating in the cache.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.packagesList of packages to be added to AppArmor's include path
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.includesList of paths to be added to AppArmor's searched paths
when resolving include directives.
Type: attribute set of strings concatenated with "\n"
Default: { }
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.killUnconfinedConfinablesWhether to enable killing of processes which have an AppArmor profile enabled
(in security.apparmor.policies)
but are not confined (because AppArmor can only confine new processes).
This is only sending a gracious SIGTERM signal to the processes,
not a SIGKILL.
Beware that due to a current limitation of AppArmor, only profiles with exact paths (and no name) can enable such kills.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.policiesAppArmor policies.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.policies.<name>.enableWhether to enable loading of the profile into the kernel.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.policies.<name>.enforceWhether to enable enforcing of the policy or only complain in the logs.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.apparmor.policies.<name>.profileThe policy of the profile.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/security/apparmor.nix>
|
security.audit.enableWhether to enable the Linux audit system. The special `lock' value can be used to enable auditing and prevent disabling it until a restart. Be careful about locking this, as it will prevent you from changing your audit configuration until you restart. If possible, test your configuration using build-vm beforehand.
Type: one of false, true, "lock"
Default: false
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
|
security.audit.backlogLimitThe maximum number of outstanding audit buffers allowed; exceeding this is considered a failure and handled in a manner specified by failureMode.
Type: signed integer
Default: 64
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
|
security.audit.failureModeHow to handle critical errors in the auditing system
Type: one of "silent", "printk", "panic"
Default: "printk"
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
|
security.audit.rateLimitThe maximum messages per second permitted before triggering a failure as specified by failureMode. Setting it to zero disables the limit.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
|
security.audit.rulesThe ordered audit rules, with each string appearing as one line of the audit.rules file.
Type: list of string
Default: [ ]
Example:
[ "-a exit,always -F arch=b64 -S execve" ]
Declared by:
<nixpkgs/nixos/modules/security/audit.nix>
|
security.auditd.enableWhether to enable the Linux Audit daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/auditd.nix>
|
security.chromiumSuidSandbox.enableWhether to install the Chromium SUID sandbox which is an executable that Chromium may use in order to achieve sandboxing.
If you get the error "The SUID sandbox helper binary was found, but is not configured correctly.", turning this on might help.
Also, if the URL chrome://sandbox tells you that "You are not adequately sandboxed!", turning this on might resolve the issue.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/chromium-suid-sandbox.nix>
|
security.dhparams.enableWhether to generate new DH params and clean up old DH params.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.defaultBitSizeThis allows to override the default bit size for all of the
Diffie-Hellman parameters set in
security.dhparams.params.
Type: integer of at least 16 bits
Default: 2048
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.paramsDiffie-Hellman parameters to generate.
The value is the size (in bits) of the DH params to generate. The
generated DH params path can be found in
config.security.dhparams.params.«name».path.
The name of the DH params is taken as being the name of the service it serves and the params will be generated before the said service is started.
If you are removing all dhparams from this list, you
have to leave security.dhparams.enable for at
least one activation in order to have them be cleaned up. This also
means if you rollback to a version without any dhparams the
existing ones won't be cleaned up. Of course this only applies if
security.dhparams.stateful is
true.
For module implementers: It's recommended
to not set a specific bit size here, so that users can easily
override this by setting
security.dhparams.defaultBitSize.
Type: attribute set of ((submodule) or signed integer convertible to it)
Default: { }
Example: { nginx.bits = 3072; }
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.params.<name>.bitsThe bit size for the prime that is used during a Diffie-Hellman key exchange.
Type: integer of at least 16 bits
Default: config.security.dhparams.defaultBitSize
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.params.<name>.pathThe resulting path of the generated Diffie-Hellman parameters
file for other services to reference. This could be either a
store path or a file inside the directory specified by
security.dhparams.path.
Type: path (read only)
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.pathPath to the directory in which Diffie-Hellman parameters will be
stored. This only is relevant if
security.dhparams.stateful is
true.
Type: string
Default: "/var/lib/dhparams"
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.dhparams.statefulWhether generation of Diffie-Hellman parameters should be stateful or
not. If this is enabled, PEM-encoded files for Diffie-Hellman
parameters are placed in the directory specified by
security.dhparams.path. Otherwise the files are
created within the Nix store.
If this is false the resulting store
path will be non-deterministic and will be rebuilt every time the
openssl package changes.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/dhparams.nix>
|
security.doas.enableWhether to enable the doas command, which allows non-root users to execute commands as root.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraConfigExtra configuration text appended to doas.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRulesDefine specific rules to be set in the
/etc/doas.conf file. More specific rules should
come after more general ones in order to yield the expected behavior.
You can use mkBefore and/or mkAfter to ensure
this is the case when configuration options are merged.
Type: list of (submodule)
Default: [ ]
Example:
[
# Allow execution of any command by any user in group doas, requiring
# a password and keeping any previously-defined environment variables.
{ groups = [ "doas" ]; noPass = false; keepEnv = true; }
# Allow execution of "/home/root/secret.sh" by user `backup` OR user
# `database` OR any member of the group with GID `1006`, without a
# password.
{ users = [ "backup" "database" ]; groups = [ 1006 ];
cmd = "/home/root/secret.sh"; noPass = true; }
# Allow any member of group `bar` to run `/home/baz/cmd1.sh` as user
# `foo` with argument `hello-doas`.
{ groups = [ "bar" ]; runAs = "foo";
cmd = "/home/baz/cmd1.sh"; args = [ "hello-doas" ]; }
# Allow any member of group `bar` to run `/home/baz/cmd2.sh` as user
# `foo` with no arguments.
{ groups = [ "bar" ]; runAs = "foo";
cmd = "/home/baz/cmd2.sh"; args = [ ]; }
# Allow user `abusers` to execute "nano" and unset the value of
# SSH_AUTH_SOCK, override the value of ALPHA to 1, and inherit the
# value of BETA from the current environment.
{ users = [ "abusers" ]; cmd = "nano";
setEnv = [ "-SSH_AUTH_SOCK" "ALPHA=1" "BETA" ]; }
]
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.argsArguments that must be provided to the command. When set to
[], the command must be run without any arguments.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.cmdThe command the user is allowed to run. When set to
null (the default), all commands are allowed.
NOTE: It is best practice to specify absolute paths. If a relative path is specified, only a restricted PATH will be searched.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.groupsThe groups / GIDs this rule should apply for.
Type: list of (string or signed integer)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.keepEnvIf true, environment variables other than those
listed in
doas(1)
are kept when creating the environment for the new process.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.noLogIf true, successful executions will not be logged
to
syslogd(8).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.noPassIf true, the user is not required to enter a
password.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.persistIf true, do not ask for a password again for some
time after the user successfully authenticates.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.runAsWhich user or group the specified command is allowed to run as.
When set to null (the default), all users are
allowed.
A user can be specified using just the username:
"foo". It is also possible to only allow running as
a specific group with ":bar".
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.setEnvKeep or set the specified variables. Variables may also be
removed with a leading '-' or set using
variable=value. If the first character of
value is a '$', the value to be set is taken from
the existing environment variable of the indicated name. This
option is processed after the default environment has been
created.
NOTE: All rules have setenv { SSH_AUTH_SOCK } by
default. To prevent SSH_AUTH_SOCK from being
inherited, add "-SSH_AUTH_SOCK" anywhere in this
list.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.extraRules.*.usersThe usernames / UIDs this rule should apply for.
Type: list of (string or signed integer)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.doas.wheelNeedsPasswordWhether users of the wheel group must provide a password to
run commands as super user via doas.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/doas.nix>
|
security.duosec.acceptEnvFactorLook for factor selection or passcode in the
$DUO_PASSCODE environment variable before
prompting the user for input.
When $DUO_PASSCODE is non-empty, it will override autopush. The SSH client will need SendEnv DUO_PASSCODE in its configuration, and the SSH server will similarly need AcceptEnv DUO_PASSCODE.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.allowTcpForwardingBy default, when SSH forwarding, enabling Duo Security will disable TCP forwarding. By enabling this, you potentially undermine some of the SSH based login security. Note this is not needed if you use PAM.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.autopushIf true, Duo Unix will automatically send
a push login request to the user’s phone, falling back on a
phone call if push is unavailable. If
false, the user will be prompted to
choose an authentication method. When configured with
autopush = yes, we recommend setting
prompts = 1.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.failmodeOn service or configuration errors that prevent Duo authentication, fail "safe" (allow access) or "secure" (deny access). The default is "safe".
Type: one of "safe", "secure"
Default: "safe"
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.fallbackLocalIPDuo Unix reports the IP address of the authorizing user, for
the purposes of authorization and whitelisting. If Duo Unix
cannot detect the IP address of the client, setting
fallbackLocalIP = yes will cause Duo Unix
to send the IP address of the server it is running on.
If you are using IP whitelisting, enabling this option could cause unauthorized logins if the local IP is listed in the whitelist.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.groupsIf specified, Duo authentication is required only for users whose primary group or supplementary group list matches one of the space-separated pattern lists. Refer to https://duo.com/docs/duounix for details.
Type: string
Default: ""
Example: "users,!wheel,!*admin guests"
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.hostDuo API hostname.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.integrationKeyIntegration key.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.motdPrint the contents of /etc/motd to screen
after a successful login.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.pam.enableIf enabled, protect logins with Duo Security using PAM support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.promptsIf a user fails to authenticate with a second factor, Duo Unix will prompt the user to authenticate again. This option sets the maximum number of prompts that Duo Unix will display before denying access. Must be 1, 2, or 3. Default is 3.
For example, when prompts = 1, the user
will have to successfully authenticate on the first prompt,
whereas if prompts = 2, if the user
enters incorrect information at the initial prompt, he/she
will be prompted to authenticate again.
When configured with autopush = true, we
recommend setting prompts = 1.
Type: one of 1, 2, 3
Default: 3
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.pushinfoInclude information such as the command to be executed in the Duo Push message.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.secretKeyFileA file containing your secret key. The security of your Duo application is tied to the security of your secret key.
Type: null or path
Default: null
Example: "/run/keys/duo-skey"
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.duosec.ssh.enableIf enabled, protect SSH logins with Duo Security.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/duosec.nix>
|
security.forcePageTableIsolationWhether to force-enable the Page Table Isolation (PTI) Linux kernel feature even on CPU models that claim to be safe from Meltdown.
This hardening feature is most beneficial to systems that run untrusted workloads that rely on address space isolation for security.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
|
security.googleOsLogin.enableWhether to enable Google OS Login.
The OS Login package enables the following components: AuthorizedKeysCommand to query valid SSH keys from the user's OS Login profile during ssh authentication phase. NSS Module to provide user and group information PAM Module for the sshd service, providing authorization and authentication support, allowing the system to use data stored in Google Cloud IAM permissions to control both, the ability to log into an instance, and to perform operations as root (sudo).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/google_oslogin.nix>
|
security.lockKernelModulesDisable kernel module loading once the system is fully initialised.
Module loading is disabled until the next reboot. Problems caused
by delayed module loading can be fixed by adding the module(s) in
question to boot.kernelModules.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/lock-kernel-modules.nix>
|
security.pam.enableEcryptfsWhether to enable eCryptfs PAM module (mounting ecryptfs home directory on login).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.enableFscryptWhether to enable Enables fscrypt to automatically unlock directories with the user's login password.
This also enables a service at security.pam.services.fscrypt which is used by fscrypt to verify the user's password when setting up a new protector. If you use something other than pam_unix to verify user passwords, please remember to adjust this PAM service. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.enableOTPWWhether to enable the OTPW (one-time password) PAM module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.enableSSHAgentAuthEnable sudo logins if the user's SSH agent provides a key
present in ~/.ssh/authorized_keys.
This allows machines to exclusively use SSH keys instead of
passwords.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.krb5.enableEnables Kerberos PAM modules (pam-krb5,
pam-ccreds).
If set, users can authenticate with their Kerberos password.
This requires a valid Kerberos configuration
(config.krb5.enable should be set to
true).
Note that the Kerberos PAM modules are not necessary when using SSS to handle Kerberos authentication.
Type: boolean
Default: config.krb5.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.loginLimitsDefine resource limits that should apply to users or groups.
Each item in the list should be an attribute set with a
domain, type,
item, and value
attribute. The syntax and semantics of these attributes
must be that described in limits.conf(5).
Note that these limits do not apply to systemd services,
whose limits can be changed via systemd.extraConfig
instead.
Type: list of (submodule)
Default: [ ]
Example:
[
{
domain = "ftp";
item = "nproc";
type = "hard";
value = "0";
}
{
domain = "@student";
item = "maxlogins";
type = "-";
value = "4";
}
]Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.loginLimits.*.domainUsername, groupname, or wildcard this limit applies to
Type: string
Example: "@wheel"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.loginLimits.*.itemItem this limit applies to
Type: one of "core", "data", "fsize", "memlock", "nofile", "rss", "stack", "cpu", "nproc", "as", "maxlogins", "maxsyslogins", "priority", "locks", "sigpending", "msgqueue", "nice", "rtprio"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.loginLimits.*.typeType of this limit
Type: one of "-", "hard", "soft"
Default: "-"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.loginLimits.*.valueValue of this limit
Type: string or signed integer
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.makeHomeDir.skelDirectoryPath to skeleton directory whose contents are copied to home
directories newly created by pam_mkhomedir.
Type: string
Default: "/var/empty"
Example: "/etc/skel"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.mount.enableEnable PAM mount system to mount filesystems on user login.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.additionalSearchPathsAdditional programs to include in the search path of pam_mount. Useful for example if you want to use some FUSE filesystems like bindfs.
Type: list of package
Default: [ ]
Example: [ pkgs.bindfs ]
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.createMountPointsCreate mountpoints for volumes if they do not exist.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.debugLevelSets the Debug-Level. 0 disables debugging, 1 enables pam_mount tracing, and 2 additionally enables tracing in mount.crypt. The default is 0. For more information, visit http://pam-mount.sourceforge.net/pam_mount.conf.5.html.
Type: signed integer
Default: 0
Example: 1
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.extraVolumesList of volume definitions for pam_mount. For more information, visit http://pam-mount.sourceforge.net/pam_mount.conf.5.html.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.fuseMountOptionsGlobal mount options that apply to every FUSE volume. You can define volume-specific options in the volume definitions.
Type: list of string
Default: [ ]
Example:
[ "nodev" "nosuid" "force-user=%(USER)" "gid=%(USERGID)" "perms=0700" "chmod-deny" "chown-deny" "chgrp-deny" ]
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.logoutHupKill remaining processes after logout by sending a SIGHUP.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.logoutKillKill remaining processes after logout by sending a SIGKILL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.logoutTermKill remaining processes after logout by sending a SIGTERM.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.logoutWaitAmount of microseconds to wait until killing remaining processes after final logout. For more information, visit http://pam-mount.sourceforge.net/pam_mount.conf.5.html.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.mount.removeCreatedMountPointsRemove mountpoints created by pam_mount after logout. This only affects mountpoints that have been created by pam_mount in the same session.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/pam_mount.nix>
|
security.pam.oath.enableEnable the OATH (one-time password) PAM module.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/oath.nix>
|
security.pam.oath.digitsSpecify the length of the one-time password in number of digits.
Type: one of 6, 7, 8
Default: 6
Declared by:
<nixpkgs/nixos/modules/security/oath.nix>
|
security.pam.oath.usersFileSet the path to file where the user's credentials are stored. This file must not be world readable!
Type: path
Default: "/etc/users.oath"
Declared by:
<nixpkgs/nixos/modules/security/oath.nix>
|
security.pam.oath.windowSpecify the number of one-time passwords to check in order to accommodate for situations where the system and the client are slightly out of sync (iteration for HOTP or time steps for TOTP).
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/security/oath.nix>
|
security.pam.p11.enableEnables P11 PAM (pam_p11) module.
If set, users can log in with SSH keys and PKCS#11 tokens.
More information can be found here.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.p11.controlThis option sets pam "control". If you want to have multi factor authentication, use "required". If you want to use the PKCS#11 device instead of the regular password, use "sufficient".
Read pam.conf(5) for better understanding of this option.
Type: one of "required", "requisite", "sufficient", "optional"
Default: "sufficient"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.servicesThis option defines the PAM services. A service typically corresponds to a program that uses PAM, e.g. login or passwd. Each attribute of this set defines a PAM service, with the attribute name defining the name of the service.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.enableAppArmorEnable support for attaching AppArmor profiles at the user/group level, e.g., as part of a role based access control scheme.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.enableGnomeKeyringIf enabled, pam_gnome_keyring will attempt to automatically unlock the user's default Gnome keyring upon login. If the user login password does not match their keyring password, Gnome Keyring will prompt separately after login.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.enableKwalletIf enabled, pam_wallet will attempt to automatically unlock the user's default KDE wallet upon login. If the user has no wallet named "kdewallet", or the login password does not match their wallet password, KDE will prompt separately after login.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.allowNullPasswordWhether to allow logging into accounts that have no password
set (i.e., have an empty password field in
/etc/passwd or
/etc/group). This does not enable
logging into disabled accounts (i.e., that have the password
field set to !). Note that regardless of
what the pam_unix documentation says, accounts with hashed
empty passwords are always allowed to log in.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.duoSecurity.enableIf set, use the Duo Security pam module
pam_duo for authentication. Requires
configuration of security.duosec options.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.failDelay.enableIf enabled, this will replace the FAIL_DELAY setting from login.defs.
Change the delay on failure per-application.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.failDelay.delayThe delay time (in microseconds) on failure.
Type: signed integer
Default: 3000000
Example: 1000000
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.forwardXAuthWhether X authentication keys should be passed from the calling user to the target user (e.g. for su)
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.fprintAuthIf set, fingerprint reader will be used (if exists and your fingerprints are enrolled).
Type: boolean
Default: config.services.fprintd.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.gnupg.enableIf enabled, pam_gnupg will attempt to automatically unlock the
user's GPG keys with the login password via
gpg-agent. The keygrips of all keys to be
unlocked should be written to ~/.pam-gnupg,
and can be queried with gpg -K --with-keygrip.
Presetting passphrases must be enabled by adding
allow-preset-passphrase in
~/.gnupg/gpg-agent.conf.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.gnupg.noAutostartDon't start gpg-agent if it is not running. Useful in conjunction with starting gpg-agent as a systemd user service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.gnupg.storeOnlyDon't send the password immediately after login, but store for PAM
session.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.googleAuthenticator.enableIf set, users with enabled Google Authenticator (created
~/.google_authenticator) will be required
to provide Google Authenticator token to log in.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.googleOsLoginAccountVerificationIf set, will use the Google OS Login PAM modules
(pam_oslogin_login,
pam_oslogin_admin) to verify possible OS Login
users and set sudoers configuration accordingly.
This only makes sense to enable for the sshd PAM
service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.googleOsLoginAuthenticationIf set, will use the pam_oslogin_login's user
authentication methods to authenticate users using 2FA.
This only makes sense to enable for the sshd PAM
service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.limitsAttribute set describing resource limits. Defaults to the
value of security.pam.loginLimits.
The meaning of the values is explained in limits.conf(5).
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.limits.*.domainUsername, groupname, or wildcard this limit applies to
Type: string
Example: "@wheel"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.limits.*.itemItem this limit applies to
Type: one of "core", "data", "fsize", "memlock", "nofile", "rss", "stack", "cpu", "nproc", "as", "maxlogins", "maxsyslogins", "priority", "locks", "sigpending", "msgqueue", "nice", "rtprio"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.limits.*.typeType of this limit
Type: one of "-", "hard", "soft"
Default: "-"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.limits.*.valueValue of this limit
Type: string or signed integer
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.logFailuresWhether to log authentication failures in /var/log/faillog.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.makeHomeDirWhether to try to create home directories for users
with $HOMEs pointing to nonexistent
locations on session login.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.mysqlAuthIf set, the pam_mysql module will be used to
authenticate users against a MySQL/MariaDB database.
Type: boolean
Default: config.users.mysql.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.nameName of the PAM service.
Type: string
Example: "sshd"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.nodelayWhether the delay after typing a wrong password should be disabled.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.oathAuthIf set, the OATH Toolkit will be used.
Type: boolean
Default: config.security.pam.oath.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.otpwAuthIf set, the OTPW system will be used (if
~/.otpw exists).
Type: boolean
Default: config.security.pam.enableOTPW
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.p11AuthIf set, keys listed in
~/.ssh/authorized_keys and
~/.eid/authorized_certificates
can be used to log in with the associated PKCS#11 tokens.
Type: boolean
Default: config.security.pam.p11.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.pamMountEnable PAM mount (pam_mount) system to mount filesystems on user login.
Type: boolean
Default: config.security.pam.mount.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.requireWheelWhether to permit root access only to members of group wheel.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.rootOKIf set, root doesn't need to authenticate (e.g. for the useradd service).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.setEnvironmentWhether the service should set the environment variables
listed in environment.sessionVariables
using pam_env.so.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.setLoginUidSet the login uid of the process
(/proc/self/loginuid) for auditing
purposes. The login uid is only set by ‘entry points’ like
login and sshd, not by
commands like sudo.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.showMotdWhether to show the message of the day.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.sshAgentAuthIf set, the calling user's SSH agent is used to authenticate
against the keys in the calling user's
~/.ssh/authorized_keys. This is useful
for sudo on password-less remote systems.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.sssdStrictAccessenforce sssd access control
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.startSessionIf set, the service will register a new session with systemd's login manager. For local sessions, this will give the user access to audio devices, CD-ROM drives. In the default PolicyKit configuration, it also allows the user to reboot the system.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.textContents of the PAM service file.
Type: null or strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.ttyAudit.enableEnable or disable TTY auditing for specified users
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.ttyAudit.enablePatternFor each user matching one of comma-separated glob patterns, enable TTY auditing
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.ttyAudit.disablePatternFor each user matching one of comma-separated glob patterns, disable TTY auditing
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.ttyAudit.openOnlySet the TTY audit flag when opening the session, but do not restore it when closing the session. Using this option is necessary for some services that don't fork() to run the authenticated session, such as sudo.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.u2fAuthIf set, users listed in
$XDG_CONFIG_HOME/Yubico/u2f_keys (or
$HOME/.config/Yubico/u2f_keys if XDG variable is
not set) are able to log in with the associated U2F key. Path can be
changed using security.pam.u2f.authFile option.
Type: boolean
Default: config.security.pam.u2f.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.unixAuthWhether users can log in with passwords defined in
/etc/shadow.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.updateWtmpWhether to update /var/log/wtmp.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.usbAuthIf set, users listed in
/etc/pamusb.conf are able to log in
with the associated USB key.
Type: boolean
Default: config.security.pam.usb.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.usshAuthIf set, users with an SSH certificate containing an authorized principal
in their SSH agent are able to log in. Specific options are controlled
using the security.pam.ussh options.
Note that the security.pam.ussh.enable must also be
set for this option to take effect.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.services.<name>.yubicoAuthIf set, users listed in
~/.yubico/authorized_yubikeys
are able to log in with the associated Yubikey tokens.
Type: boolean
Default: config.security.pam.yubico.enable
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.u2f.enableEnables U2F PAM (pam-u2f) module.
If set, users listed in
$XDG_CONFIG_HOME/Yubico/u2f_keys (or
$HOME/.config/Yubico/u2f_keys if XDG variable is
not set) are able to log in with the associated U2F key. The path can
be changed using security.pam.u2f.authFile option.
File format is:
username:first_keyHandle,first_public_key: second_keyHandle,second_public_key
This file can be generated using pamu2fcfg command.
More information can be found here.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.u2f.appIdBy default pam-u2f module sets the application
ID to pam://$HOSTNAME.
When using pamu2fcfg, you can specify your
application ID with the -i flag.
More information can be found here
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.u2f.authFileBy default pam-u2f module reads the keys from
$XDG_CONFIG_HOME/Yubico/u2f_keys (or
$HOME/.config/Yubico/u2f_keys if XDG variable is
not set).
If you want to change auth file locations or centralize database (for
example use /etc/u2f-mappings) you can set this
option.
File format is:
username:first_keyHandle,first_public_key: second_keyHandle,second_public_key
This file can be generated using pamu2fcfg command.
More information can be found here.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.u2f.controlThis option sets pam "control". If you want to have multi factor authentication, use "required". If you want to use U2F device instead of regular password, use "sufficient".
Read pam.conf(5) for better understanding of this option.
Type: one of "required", "requisite", "sufficient", "optional"
Default: "sufficient"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.u2f.cueBy default pam-u2f module does not inform user
that he needs to use the u2f device, it just waits without a prompt.
If you set this option to true,
cue option is added to pam-u2f
module and reminder message will be displayed.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.u2f.debugDebug output to stderr.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.u2f.interactiveSet to prompt a message and wait before testing the presence of a U2F device. Recommended if your device doesn’t have a tactile trigger.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.u2f.originBy default pam-u2f module sets the origin
to pam://$HOSTNAME.
Setting origin to an host independent value will allow you to
reuse credentials across machines
When using pamu2fcfg, you can specify your
application ID with the -o flag.
More information can be found here
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.usb.enableEnable USB login for all login systems that support it. For more information, visit https://github.com/aluzzardi/pam_usb/wiki/Getting-Started#setting-up-devices-and-users.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam_usb.nix>
|
security.pam.ussh.enableEnables Uber's USSH PAM (pam-ussh) module.
This is similar to pam-ssh-agent, except that
the presence of a CA-signed SSH key with a valid principal is checked
instead.
Note that this module must both be enabled using this option and on a
per-PAM-service level as well (using usshAuth).
More information can be found here.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.ussh.authorizedPrincipalsComma-separated list of authorized principals to permit; if the user presents a certificate with one of these principals, then they will be authorized.
Note that pam-ussh also requires that the certificate
contain a principal matching the user's username. The principals from
this list are in addition to those principals.
Mutually exclusive with authorizedPrincipalsFile.
Type: null or strings concatenated with ","
Default: null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.ussh.authorizedPrincipalsFilePath to a list of principals; if the user presents a certificate with one of these principals, then they will be authorized.
Note that pam-ussh also requires that the certificate
contain a principal matching the user's username. The principals from
this file are in addition to those principals.
Mutually exclusive with authorizedPrincipals.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.ussh.caFileBy default pam-ussh reads the trusted user CA keys
from /etc/ssh/trusted_user_ca.
This should be set the same as your TrustedUserCAKeys
option for sshd.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.ussh.controlThis option sets pam "control". If you want to have multi factor authentication, use "required". If you want to use the SSH certificate instead of the regular password, use "sufficient".
Read pam.conf(5) for better understanding of this option.
Type: one of "required", "requisite", "sufficient", "optional"
Default: "sufficient"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.ussh.groupIf set, then the authenticating user must be a member of this group to use this module.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.yubico.enableEnables Yubico PAM (yubico-pam) module.
If set, users listed in
~/.yubico/authorized_yubikeys
are able to log in with the associated Yubikey tokens.
The file must have only one line:
username:yubikey_token_id1:yubikey_token_id2
More information can be found here.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.yubico.challengeResponsePathIf not null, set the path used by yubico pam module where the challenge expected response is stored.
More information can be found here.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.yubico.controlThis option sets pam "control". If you want to have multi factor authentication, use "required". If you want to use Yubikey instead of regular password, use "sufficient".
Read pam.conf(5) for better understanding of this option.
Type: one of "required", "requisite", "sufficient", "optional"
Default: "sufficient"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.yubico.debugDebug output to stderr.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.yubico.idclient id
Type: string
Example: "42"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pam.yubico.modeMode of operation.
Use "client" for online validation with a YubiKey validation service such as the YubiCloud.
Use "challenge-response" for offline validation using YubiKeys with HMAC-SHA-1 Challenge-Response configurations. See the man-page ykpamcfg(1) for further details on how to configure offline Challenge-Response validation.
More information can be found here.
Type: one of "client", "challenge-response"
Default: "client"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
security.pki.caCertificateBlacklistA list of blacklisted CA certificate names that won't be imported from
the Mozilla Trust Store into
/etc/ssl/certs/ca-certificates.crt. Use the
names from that file.
Type: list of string
Default: [ ]
Example:
[ "WoSign" "WoSign China" "CA WoSign ECC Root" "Certification Authority of WoSign G2" ]
Declared by:
<nixpkgs/nixos/modules/security/ca.nix>
|
security.pki.certificateFilesA list of files containing trusted root certificates in PEM
format. These are concatenated to form
/etc/ssl/certs/ca-certificates.crt, which is
used by many programs that use OpenSSL, such as
curl and git.
Type: list of path
Default: [ ]
Example: [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]
Declared by:
<nixpkgs/nixos/modules/security/ca.nix>
|
security.pki.certificatesA list of trusted root certificates in PEM format.
Type: list of string
Default: [ ]
Example:
[ ''
NixOS.org
=========
-----BEGIN CERTIFICATE-----
MIIGUDCCBTigAwIBAgIDD8KWMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
...
-----END CERTIFICATE-----
''
]
Declared by:
<nixpkgs/nixos/modules/security/ca.nix>
|
security.please.enableWhether to enable please, a Sudo clone which allows a users to execute a command or edit a file as another user .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/please.nix>
|
security.please.packageWhich package to use for please.
Type: package
Default: pkgs.please
Declared by:
<nixpkgs/nixos/modules/security/please.nix>
|
security.please.settingsPlease configuration. Refer to https://github.com/edneville/please/blob/master/please.ini.md for details.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Example:
{
jim_edit_etc_hosts_as_root = {
editmode = 644;
name = "jim";
require_pass = true;
rule = "/etc/hosts";
target = "root";
type = "edit";
};
jim_run_any_as_root = {
name = "jim";
require_pass = false;
rule = ".*";
target = "root";
type = "run";
};
}Declared by:
<nixpkgs/nixos/modules/security/please.nix>
|
security.please.wheelNeedsPasswordWhether users of the wheel group must provide a password to run
commands or edit files with please and
pleaseedit respectively.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/please.nix>
|
security.polkit.enableWhether to enable polkit.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
|
security.polkit.adminIdentitiesSpecifies which users are considered “administrators”, for those
actions that require the user to authenticate as an
administrator (i.e. have an auth_admin
value). By default, this is all users in the wheel group.
Type: list of string
Default:
[ "unix-group:wheel" ]
Example:
[ "unix-user:alice" "unix-group:admin" ]
Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
|
security.polkit.debugWhether to enable debug logs from polkit. This is required in order to see log messages from rule definitions..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
|
security.polkit.extraConfigAny polkit rules to be added to config (in JavaScript ;-). See: http://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html#polkit-rules
Type: strings concatenated with "\n"
Default: ""
Example:
''
/* Log authorization checks. */
polkit.addRule(function(action, subject) {
// Make sure to set { security.polkit.debug = true; } in configuration.nix
polkit.log("user " + subject.user + " is attempting action " + action.id + " from PID " + subject.pid);
});
/* Allow any local user to do anything (dangerous!). */
polkit.addRule(function(action, subject) {
if (subject.local) return "yes";
});
''Declared by:
<nixpkgs/nixos/modules/security/polkit.nix>
|
security.protectKernelImageWhether to prevent replacing the running kernel image.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
|
security.rtkit.enableWhether to enable the RealtimeKit system service, which hands out realtime scheduling priority to user processes on demand. For example, the PulseAudio server uses this to acquire realtime priority.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/rtkit.nix>
|
security.sudo.enableWhether to enable the sudo command, which allows non-root users to execute commands as root.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.packageWhich package to use for sudo.
Type: package
Default: pkgs.sudo
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.configFileThis string contains the contents of the
sudoers file.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.execWheelOnlyOnly allow members of the wheel group to execute sudo by
setting the executable's permissions accordingly.
This prevents users that are not members of wheel from
exploiting vulnerabilities in sudo such as CVE-2021-3156.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraConfigExtra configuration text appended to sudoers.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraRulesDefine specific rules to be in the sudoers file.
More specific rules should come after more general ones in order to
yield the expected behavior. You can use mkBefore/mkAfter to ensure
this is the case when configuration options are merged.
Type: list of (submodule)
Default: [ ]
Example:
[
# Allow execution of any command by all users in group sudo,
# requiring a password.
{ groups = [ "sudo" ]; commands = [ "ALL" ]; }
# Allow execution of "/home/root/secret.sh" by user `backup`, `database`
# and the group with GID `1006` without a password.
{ users = [ "backup" "database" ]; groups = [ 1006 ];
commands = [ { command = "/home/root/secret.sh"; options = [ "SETENV" "NOPASSWD" ]; } ]; }
# Allow all users of group `bar` to run two executables as user `foo`
# with arguments being pre-set.
{ groups = [ "bar" ]; runAs = "foo";
commands =
[ "/home/baz/cmd1.sh hello-sudo"
{ command = ''/home/baz/cmd2.sh ""''; options = [ "SETENV" ]; } ]; }
]
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraRules.*.commandsThe commands for which the rule should apply.
Type: list of (string or (submodule))
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraRules.*.groupsThe groups / GIDs this rule should apply for.
Type: list of (string or signed integer)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraRules.*.hostFor what host this rule should apply.
Type: string
Default: "ALL"
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraRules.*.runAsUnder which user/group the specified command is allowed to run.
A user can be specified using just the username: "foo".
It is also possible to specify a user/group combination using "foo:bar"
or to only allow running as a specific group with ":bar".
Type: string
Default: "ALL:ALL"
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.extraRules.*.usersThe usernames / UIDs this rule should apply for.
Type: list of (string or signed integer)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.sudo.wheelNeedsPasswordWhether users of the wheel group must
provide a password to run commands as super user via sudo.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/sudo.nix>
|
security.tpm2.enableWhether to enable Trusted Platform Module 2 support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.abrmd.enableWhether to enable Trusted Platform 2 userspace resource manager daemon .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.abrmd.packagetpm2-abrmd package to use
Type: package
Default: pkgs.tpm2-abrmd
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.applyUdevRulesWhether to make the /dev/tpm[0-9] devices accessible by the tssUser, or the /dev/tpmrm[0-9] by tssGroup respectively
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.pkcs11.enableWhether to enable TPM2 PKCS#11 tool and shared library in system path
(/run/current-system/sw/lib/libtpm2_pkcs11.so)
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.pkcs11.packagetpm2-pkcs11 package to use
Type: package
Default: pkgs.tpm2-pkcs11
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.tctiEnvironment.enableSet common TCTI environment variables to the specified value. The variables are
TPM2TOOLS_TCTI
TPM2_PKCS11_TCTI
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.tctiEnvironment.deviceConfConfiguration part of the device TCTI, e.g. the path to the TPM device. Applies if interface is set to "device". The format is specified in the tpm2-tools repository.
Type: string
Default: "/dev/tpmrm0"
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.tctiEnvironment.interfaceThe name of the TPM command transmission interface (TCTI) library to use.
Type: one of "tabrmd", "device"
Default: "device"
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.tctiEnvironment.tabrmdConfConfiguration part of the tabrmd TCTI, like the D-Bus bus name. Applies if interface is set to "tabrmd". The format is specified in the tpm2-tools repository.
Type: string
Default: "bus_name=com.intel.tss2.Tabrmd"
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.tssGroupGroup of the tpm kernel resource manager (tpmrm) device-group, set if applyUdevRules is set.
Type: null or string
Default: "tss"
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.tpm2.tssUserName of the tpm device-owner and service user, set if applyUdevRules is set.
Type: null or string
Default: if config.security.tpm2.abrmd.enable then "tss" else "root"
Declared by:
<nixpkgs/nixos/modules/security/tpm2.nix>
|
security.unprivilegedUsernsCloneWhen disabled, unprivileged users will not be able to create new namespaces. By default unprivileged user namespaces are disabled. This option only works in a hardened profile.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
|
security.virtualisation.flushL1DataCacheWhether the hypervisor should flush the L1 data cache before
entering guests.
See also security.allowSimultaneousMultithreading.
null: uses the kernel default
"never": disables L1 data cache flushing entirely.
May be appropriate if all guests are trusted.
"cond": flushes L1 data cache only for pre-determined
code paths. May leak information about the host address space
layout.
"always": flushes L1 data cache every time the hypervisor
enters the guest. May incur significant performance cost.
Type: null or one of "never", "cond", "always"
Default: null
Declared by:
<nixpkgs/nixos/modules/security/misc.nix>
|
security.wrapperDirSizeSize limit for the /run/wrappers tmpfs. Look at mount(8), tmpfs size option, for the accepted syntax. WARNING: don't set to less than 64MB.
Type: string
Default: "50%"
Example: "10G"
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappersThis option effectively allows adding setuid/setgid bits, capabilities,
changing file ownership and permissions of a program without directly
modifying it. This works by creating a wrapper program under the
security.wrapperDir directory, which is then added to
the shell PATH.
Type: attribute set of (submodule)
Default: { }
Example:
{
# a setuid root program
doas =
{ setuid = true;
owner = "root";
group = "root";
source = "${pkgs.doas}/bin/doas";
};
# a setgid program
locate =
{ setgid = true;
owner = "root";
group = "mlocate";
source = "${pkgs.locate}/bin/locate";
};
# a program with the CAP_NET_RAW capability
ping =
{ owner = "root";
group = "root";
capabilities = "cap_net_raw+ep";
source = "${pkgs.iputils.out}/bin/ping";
};
}
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers.<name>.capabilitiesA comma-separated list of capability clauses to be given to the wrapper program. The format for capability clauses is described in the “TEXTUAL REPRESENTATION” section of the cap_from_text(3) manual page. For a list of capabilities supported by the system, check the capabilities(7) manual page.
cap_setpcap, which is required for the wrapper
program to be able to raise caps into the Ambient set is NOT raised
to the Ambient set so that the real program cannot modify its own
capabilities!! This may be too restrictive for cases in which the
real program needs cap_setpcap but it at least leans on the side
security paranoid vs. too relaxed.
Type: strings concatenated with ","
Default: ""
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers.<name>.groupThe group of the wrapper program.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers.<name>.ownerThe owner of the wrapper program.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers.<name>.permissionsThe permissions of the wrapper program. The format is that of a symbolic or numeric file mode understood by chmod.
Type: file mode string
Default: "u+rx,g+x,o+x"
Example: "a+rx"
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers.<name>.programThe name of the wrapper program. Defaults to the attribute name.
Type: null or string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers.<name>.setgidWhether to add the setgid bit the wrapper program.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers.<name>.setuidWhether to add the setuid bit the wrapper program.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
security.wrappers.<name>.sourceThe absolute path to the program to be wrapped.
Type: path
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
services.packagekit.enableWhether to enable PackageKit provides a cross-platform D-Bus abstraction layer for installing software. Software utilizing PackageKit can install software regardless of the package manager. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/packagekit.nix>
|
services.packagekit.settingsAdditional settings passed straight through to PackageKit.conf
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/packagekit.nix>
|
services.packagekit.vendorSettingsAdditional settings passed straight through to Vendor.conf
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/packagekit.nix>
|
services.SystemdJournal2Gelf.enableWhether to enable SystemdJournal2Gelf.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix>
|
services.SystemdJournal2Gelf.packageSystemdJournal2Gelf package to use.
Type: package
Default: pkgs.systemd-journal2gelf
Declared by:
<nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix>
|
services.SystemdJournal2Gelf.extraOptionsAny extra flags to pass to SystemdJournal2Gelf. Note that
these are basically journalctl flags.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix>
|
services.SystemdJournal2Gelf.graylogServerHost and port of your graylog2 input. This should be a GELF UDP input.
Type: string
Example: "graylog2.example.com:11201"
Declared by:
<nixpkgs/nixos/modules/services/logging/SystemdJournal2Gelf.nix>
|
services._3proxy.enableWhether to enable 3proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.confFileIgnore all other 3proxy options and load configuration from this file.
Type: path
Example: "/var/lib/3proxy/3proxy.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.denyPrivateWhether to deny access to private IP ranges including loopback.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.extraConfigExtra configuration, appended to the 3proxy configuration file. Consult documentation for available options.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.privateRangesWhat IP ranges to deny access when denyPrivate is set tu true.
Type: list of string
Default:
[ "0.0.0.0/8" "127.0.0.0/8" "10.0.0.0/8" "100.64.0.0/10" "172.16.0.0/12" "192.168.0.0/16" "::" "::1" "fc00::/7" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.resolutionUse this option to configure name resolution and DNS caching.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.resolution.nscacheSet name cache size for IPv4.
Type: signed integer
Default: 65535
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.resolution.nscache6Set name cache size for IPv6.
Type: signed integer
Default: 65535
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.resolution.nserverList of nameservers to use.
Up to 5 nservers may be specified. If no nserver is configured, default system name resolution functions are used.
Type: list of string
Default: [ ]
Example:
[ "127.0.0.53" "192.168.1.3:5353/tcp" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.resolution.nsrecordAdds static nsrecords.
Type: attribute set of string
Default: { }
Example:
{
"files.local" = "192.168.1.12";
"site.local" = "192.168.1.43";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.servicesUse this option to define 3proxy services.
Type: list of (submodule)
Default: [ ]
Example:
[
{
type = "proxy";
bindAddress = "192.168.1.24";
bindPort = 3128;
auth = [ "none" ];
}
{
type = "proxy";
bindAddress = "10.10.1.20";
bindPort = 3128;
auth = [ "iponly" ];
}
{
type = "socks";
bindAddress = "172.17.0.1";
bindPort = 1080;
auth = [ "strong" ];
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.aclUse this option to limit user access to resources.
Type: list of (submodule)
Default: [ ]
Example:
[
{
rule = "allow";
users = [ "user1" ];
}
{
rule = "allow";
sources = [ "192.168.1.0/24" ];
}
{
rule = "deny";
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.acl.*.ruleACL rule. The following values are valid:
"allow": connections allowed.
"deny": connections not allowed.
Type: one of "allow", "deny"
Example: "allow"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.acl.*.sourcesList of source IP range, use empty list for any.
Type: list of string
Default: [ ]
Example:
[ "127.0.0.1" "192.168.1.0/24" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.acl.*.targetPortsList of target ports, use empty list for any.
Type: list of signed integer
Default: [ ]
Example:
[ 80 443 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.acl.*.targetsList of target IP ranges, use empty list for any.
May also contain host names instead of addresses.
It's possible to use wildmask in the beginning and in the the end of hostname, e.g. *badsite.com or *badcontent*.
Hostname is only checked if hostname presents in request.
Type: list of string
Default: [ ]
Example:
[ "127.0.0.1" "192.168.1.0/24" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.acl.*.usersList of users, use empty list for any.
Type: list of string
Default: [ ]
Example:
[ "user1" "user2" "user3" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.authAuthentication type. The following values are valid:
"none": disables both authentication and authorization. You can not use ACLs.
"iponly": specifies no authentication. ACLs authorization is used.
"strong": authentication by username/password. If user is not registered their access is denied regardless of ACLs.
Double authentication is possible, e.g.
{
auth = [ "iponly" "strong" ];
acl = [
{
rule = "allow";
targets = [ "192.168.0.0/16" ];
}
{
rule = "allow"
users = [ "user1" "user2" ];
}
];
}
In this example strong username authentication is not required to access 192.168.0.0/16.
Type: list of (one of "none", "iponly", "strong")
Example:
[ "iponly" "strong" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.bindAddressAddress used for service.
Type: string
Default: "[::]"
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.bindPortOverride default port used for service.
Type: null or signed integer
Default: null
Example: 3128
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.extraArgumentsExtra arguments for service. Consult "Options" section in documentation for available arguments.
Type: null or string
Default: null
Example: "-46"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.extraConfigExtra configuration for service. Use this to configure things like bandwidth limiter or ACL-based redirection. Consult documentation for available options.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.maxConnectionsMaximum number of simulationeous connections to this service.
Type: signed integer
Default: 100
Example: 1000
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.services.*.typeService type. The following values are valid:
"proxy": HTTP/HTTPS proxy (default port 3128).
"socks": SOCKS 4/4.5/5 proxy (default port 1080).
"pop3p": POP3 proxy (default port 110).
"ftppr": FTP proxy (default port 21).
"admin": Web interface (default port 80).
"dnspr": Caching DNS proxy (default port 53).
"tcppm": TCP portmapper.
"udppm": UDP portmapper.
Type: one of "proxy", "socks", "pop3p", "ftppr", "admin", "dnspr", "tcppm", "udppm"
Example: "proxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services._3proxy.usersFileLoad users and passwords from this file.
Example users file with plain-text passwords:
test1:CL:password1 test2:CL:password2
Example users file with md5-crypted passwords:
test1:CR:$1$tFkisVd2$1GA8JXkRmTXdLDytM/i3a1 test2:CR:$1$rkpibm5J$Aq1.9VtYAn0JrqZ8M.1ME.
You can generate md5-crypted passwords via https://unix4lyfe.org/crypt/ Note that htpasswd tool generates incompatible md5-crypted passwords. Consult documentation for more information.
Type: null or path
Default: null
Example: "/var/lib/3proxy/3proxy.passwd"
Declared by:
<nixpkgs/nixos/modules/services/networking/3proxy.nix>
|
services.accounts-daemon.enableWhether to enable AccountsService, a DBus service for accessing the list of user accounts and information attached to those accounts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/accountsservice.nix>
|
services.acpid.enableWhether to enable the ACPI daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.acEventCommandsShell commands to execute on an ac_adapter.* event.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.handlersEvent handlers.
Handler can be a single command.
Type: attribute set of (submodule)
Default: { }
Example:
{
ac-power = {
action = ''
vals=($1) # space separated string to array of multiple values
case ''${vals[3]} in
00000000)
echo unplugged >> /tmp/acpi.log
;;
00000001)
echo plugged in >> /tmp/acpi.log
;;
*)
echo unknown >> /tmp/acpi.log
;;
esac
'';
event = "ac_adapter/*";
};
}Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.handlers.<name>.actionShell commands to execute when the event is triggered.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.handlers.<name>.eventEvent type.
Type: string
Example: "button/power.*" "button/lid.*" "ac_adapter.*" "button/mute.*" "button/volumedown.*" "cd/play.*" "cd/next.*"
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.lidEventCommandsShell commands to execute on a button/lid.* event.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.logEventsLog all event activity.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.acpid.powerEventCommandsShell commands to execute on a button/power.* event.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/acpid.nix>
|
services.activemq.enableEnable the Apache ActiveMQ message broker service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.baseDirThe base directory where ActiveMQ stores its persistent data and logs.
This will be overridden if you set "activemq.base" and "activemq.data"
in the javaProperties option. You can also override
this in activemq.xml.
Type: string
Default: "/var/activemq"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.configurationDirThe base directory for ActiveMQ's configuration. By default, this directory is searched for a file named activemq.xml, which should contain the configuration for the broker service.
Type: string
Default: "${pkgs.activemq}/conf"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.configurationURIThe URI that is passed along to the BrokerFactory to
set up the configuration of the ActiveMQ broker service.
You should not need to change this. For custom configuration,
set the configurationDir instead, and create
an activemq.xml configuration file in it.
Type: string
Default: "xbean:activemq.xml"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.extraJavaOptionsAdd extra options here that you want to be sent to the Java runtime when the broker service is started.
Type: strings concatenated with " "
Default: ""
Example: "-Xmx2G -Xms2G -XX:MaxPermSize=512M"
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.activemq.javaPropertiesSpecifies Java properties that are sent to the ActiveMQ broker service with the "-D" option. You can set properties here to change the behaviour and configuration of the broker. All essential properties that are not set here are automatically given reasonable defaults.
Type: attribute set
Default: { }
Example:
{
"java.net.preferIPv4Stack" = "true";
}
Declared by:
<nixpkgs/nixos/modules/services/amqp/activemq/default.nix>
|
services.actkbd.enableWhether to enable the actkbd key mapping daemon.
Turning this on will start an actkbd instance for every evdev input that has at least one key (which is okay even for systems with tiny memory footprint, since actkbd normally uses <100 bytes of memory per instance).
This allows binding keys globally without the need for e.g. X11.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.bindingsKey bindings for actkbd.
See actkbd README for documentation.
The example shows a piece of what sound.mediaKeys.enable does when enabled.
Type: list of (submodule)
Default: [ ]
Example:
[ { keys = [ 113 ]; events = [ "key" ]; command = "${pkgs.alsa-utils}/bin/amixer -q set Master toggle"; }
]
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.bindings.*.attributesList of attributes.
Type: list of string
Default:
[ "exec" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.bindings.*.commandWhat to run.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.bindings.*.eventsList of events to match.
Type: list of (one of "key", "rep", "rel")
Default:
[ "key" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.bindings.*.keysList of keycodes to match.
Type: list of signed integer
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.actkbd.extraConfigLiteral contents to append to the end of actkbd configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/actkbd.nix>
|
services.adguardhome.enableWhether to enable AdGuard Home network-wide ad blocker.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.adguardhome.extraArgsExtra command line parameters to be passed to the adguardhome binary.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.adguardhome.mutableSettingsAllow changes made on the AdGuard Home web interface to persist between service restarts.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.adguardhome.openFirewallOpen ports in the firewall for the AdGuard Home web interface. Does not open the port needed to access the DNS resolver.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.adguardhome.settingsAdGuard Home configuration. Refer to https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#configuration-file for details on supported values.
On start and if mutableSettings is true,
these options are merged into the configuration file on start, taking
precedence over configuration changes made on the web interface.
Set this to null (default) for a non-declarative configuration without any
Nix-supplied values.
Declarative configurations are supplied with a default schema_version, bind_host, and bind_port.
Type: null or (YAML value)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.adguardhome.settings.bind_hostHost address to bind HTTP server to.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.adguardhome.settings.bind_portPort to serve HTTP pages on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.adguardhome.settings.schema_versionSchema version for the configuration.
Defaults to the schema_version supplied by pkgs.adguardhome.
Type: signed integer
Default: pkgs.adguardhome.schema_version
Declared by:
<nixpkgs/nixos/modules/services/networking/adguardhome.nix>
|
services.aerospike.enableWhether to enable Aerospike server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
|
services.aerospike.packageWhich Aerospike derivation to use
Type: package
Default: pkgs.aerospike
Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
|
services.aerospike.extraConfigExtra configuration
Type: strings concatenated with "\n"
Default: ""
Example:
''
namespace test {
replication-factor 2
memory-size 4G
default-ttl 30d
storage-engine memory
}
''Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
|
services.aerospike.networkConfignetwork section of configuration file
Type: strings concatenated with "\n"
Default:
''
service {
address any
port 3000
}
heartbeat {
address any
mode mesh
port 3002
interval 150
timeout 10
}
fabric {
address any
port 3001
}
info {
address any
port 3003
}
''Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
|
services.aerospike.workDirLocation where Aerospike stores its files
Type: string
Default: "/var/lib/aerospike"
Declared by:
<nixpkgs/nixos/modules/services/databases/aerospike.nix>
|
services.aesmd.enableWhether to enable Intel's Architectural Enclave Service Manager (AESM) for Intel SGX.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/aesmd.nix>
|
services.aesmd.debugWhether to build the PSW package in debug mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/aesmd.nix>
|
services.aesmd.settingsAESM configuration
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/security/aesmd.nix>
|
services.aesmd.settings.defaultQuotingTypeAttestation quote type.
Type: null or one of "ecdsa_256", "epid_linkable", "epid_unlinkable"
Default: null
Example: "ecdsa_256"
Declared by:
<nixpkgs/nixos/modules/services/security/aesmd.nix>
|
services.aesmd.settings.proxyHTTP network proxy.
Type: null or string
Default: null
Example: "http://proxy_url:1234"
Declared by:
<nixpkgs/nixos/modules/services/security/aesmd.nix>
|
services.aesmd.settings.proxyTypeType of proxy to use. The default uses the system's default proxy.
If direct is given, uses no proxy.
A value of manual uses the proxy from
services.aesmd.settings.proxy.
Type: null or one of "default", "direct", "manual"
Default:
if (config.services.aesmd.settings.proxy != null) then "manual" else null
Example: "default"
Declared by:
<nixpkgs/nixos/modules/services/security/aesmd.nix>
|
services.aesmd.settings.whitelistUrlURL to retrieve authorized Intel SGX enclave signers.
Type: null or string
Default: null
Example: "http://whitelist.trustedservices.intel.com/SGX/LCWL/Linux/sgx_white_list_cert.bin"
Declared by:
<nixpkgs/nixos/modules/services/security/aesmd.nix>
|
services.agate.enableWhether to enable Agate Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.agate.packageThe package to use
Type: package
Default: pkgs.agate
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.agate.addressesAddresses to listen on, IP:PORT, if you haven't disabled forwarding only set IPv4.
Type: list of string
Default:
[ "0.0.0.0:1965" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.agate.certificatesDirRoot of the certificate directory.
Type: path
Default: "/var/lib/agate/certificates"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.agate.contentDirRoot of the content directory.
Type: path
Default: "/var/lib/agate/content"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.agate.extraArgsExtra arguments to use running agate.
Type: list of string
Default:
[ "" ]
Example:
[ "--log-ip" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.agate.hostnamesDomain name of this Gemini server, enables checking hostname and port in requests. (multiple occurrences means basic vhosts)
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.agate.languageRFC 4646 Language code for text/gemini documents.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.agate.onlyTls_1_3Only use TLSv1.3 (default also allows TLSv1.2).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/agate.nix>
|
services.airsonic.enableWhether to enable Airsonic, the Free and Open Source media streaming server (fork of Subsonic and Libresonic).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.contextPathThe context path, i.e., the last part of the Airsonic URL. Typically '/' or '/airsonic'. Default '/'
Type: path
Default: "/"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.homeThe directory where Airsonic will create files. Make sure it is writable.
Type: path
Default: "/var/lib/airsonic"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.jreJRE package to use.
Airsonic only supports Java 8, airsonic-advanced requires at least Java 11.
Type: package
Default: pkgs.jre8
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.jvmOptionsExtra command line options for the JVM running AirSonic. Useful for sending jukebox output to non-default alsa devices.
Type: list of string
Default: [ ]
Example:
[ "-Djavax.sound.sampled.Clip='#CODEC [plughw:1,0]'" "-Djavax.sound.sampled.Port='#Port CODEC [hw:1]'" "-Djavax.sound.sampled.SourceDataLine='#CODEC [plughw:1,0]'" "-Djavax.sound.sampled.TargetDataLine='#CODEC [plughw:1,0]'" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.listenAddressThe host name or IP address on which to bind Airsonic. The default value is appropriate for first launch, when the default credentials are easy to guess. It is also appropriate if you intend to use the virtualhost option in the service module. In other cases, you may want to change this to a specific IP or 0.0.0.0 to listen on all interfaces.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.maxMemoryThe memory limit (max Java heap size) in megabytes. Default: 100
Type: signed integer
Default: 100
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.portThe port on which Airsonic will listen for incoming HTTP traffic. Set to 0 to disable.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4040
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.transcodersList of paths to transcoder executables that should be accessible from Airsonic. Symlinks will be created to each executable inside ${config.services.airsonic.home}/transcoders.
Type: list of path
Default: [ "${pkgs.ffmpeg.bin}/bin/ffmpeg" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.userUser account under which airsonic runs.
Type: string
Default: "airsonic"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.virtualHostName of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.airsonic.warAirsonic war file to use.
Type: path
Default: "${pkgs.airsonic}/webapps/airsonic.war"
Declared by:
<nixpkgs/nixos/modules/services/misc/airsonic.nix>
|
services.alerta.enableWhether to enable alerta.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.authenticationRequiredWhether users must authenticate when using the web UI or command-line tool
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.bindAddress to bind to. The default is to bind to all addresses
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.corsOriginsList of URLs that can access the API for Cross-Origin Resource Sharing (CORS)
Type: list of string
Default:
[ "http://localhost" "http://localhost:5000" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.databaseNameName of the database instance to connect to
Type: string
Default: "monitoring"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.databaseUrlURL of the MongoDB or PostgreSQL database to connect to
Type: string
Default: "mongodb://localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.extraConfigThese lines go into alertad.conf verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.logDirLocation where the logfiles are stored
Type: path
Default: "/var/log/alerta"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.portPort of Alerta
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alerta.signupEnabledWhether to prevent sign-up of new users via the web UI
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/alerta.nix>
|
services.alps.enableWhether to enable alps.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/alps.nix>
|
services.alps.bindIPThe IP the service should listen on.
Type: string
Default: "[::]"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/alps.nix>
|
services.alps.imaps.hostThe IMAPS server address.
Type: string
Default: "[::1]"
Example: "mail.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/alps.nix>
|
services.alps.imaps.portThe IMAPS server port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 993
Declared by:
<nixpkgs/nixos/modules/services/web-apps/alps.nix>
|
services.alps.portTCP port the service should listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1323
Declared by:
<nixpkgs/nixos/modules/services/web-apps/alps.nix>
|
services.alps.smtps.hostThe SMTPS server address.
Type: string
Default: "services.alps.imaps.host"
Example: "mail.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/alps.nix>
|
services.alps.smtps.portThe SMTPS server port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 465
Declared by:
<nixpkgs/nixos/modules/services/web-apps/alps.nix>
|
services.alps.themeThe frontend's theme to use.
Type: one of "alps", "sourcehut"
Default: "sourcehut"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/alps.nix>
|
services.amule.enableWhether to run the AMule daemon. You need to manually run "amuled --ec-config" to configure the service for the first time.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/amuled.nix>
|
services.amule.dataDirThe directory holding configuration, incoming and temporary files.
Type: string
Default:
"/home/${config.services.amule.user}/"
Declared by:
<nixpkgs/nixos/modules/services/networking/amuled.nix>
|
services.amule.userThe user the AMule daemon should run as.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/amuled.nix>
|
services.ananicy.enableWhether to enable Ananicy, an auto nice daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/ananicy.nix>
|
services.ananicy.packageWhich ananicy package to use.
Type: package
Default: pkgs.ananicy
Example: pkgs.ananicy-cpp
Declared by:
<nixpkgs/nixos/modules/services/misc/ananicy.nix>
|
services.ananicy.extraRulesExtra rules in json format on separate lines. See: https://github.com/Nefelim4ag/Ananicy#configuration https://gitlab.com/ananicy-cpp/ananicy-cpp/#global-configuration
Type: string
Default: ""
Example:
''
{ "name": "eog", "type": "Image-View" }
{ "name": "fdupes", "type": "BG_CPUIO" }
''
Declared by:
<nixpkgs/nixos/modules/services/misc/ananicy.nix>
|
services.ananicy.settingsSee https://github.com/Nefelim4ag/Ananicy/blob/master/ananicy.d/ananicy.conf
Type: attribute set of (signed integer or boolean or string)
Default: { }
Example:
{
apply_nice = false;
}Declared by:
<nixpkgs/nixos/modules/services/misc/ananicy.nix>
|
services.ankisyncd.enableWhether to enable ankisyncd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/ankisyncd.nix>
|
services.ankisyncd.packageThe package to use for the ankisyncd command.
Type: package
Default: pkgs.ankisyncd
Declared by:
<nixpkgs/nixos/modules/services/misc/ankisyncd.nix>
|
services.ankisyncd.hostankisyncd host
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/ankisyncd.nix>
|
services.ankisyncd.openFirewallWhether to open the firewall for the specified port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/ankisyncd.nix>
|
services.ankisyncd.portankisyncd port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 27701
Declared by:
<nixpkgs/nixos/modules/services/misc/ankisyncd.nix>
|
services.antennas.enableWhether to enable Antennas.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/antennas.nix>
|
services.antennas.antennasUrlURL of Antennas.
Type: string
Default: "http://127.0.0.1:5004"
Declared by:
<nixpkgs/nixos/modules/services/networking/antennas.nix>
|
services.antennas.deviceUUIDDevice tuner UUID. Change this if you are running multiple instances.
Type: string
Default: "2f70c0d7-90a3-4429-8275-cbeeee9cd605"
Declared by:
<nixpkgs/nixos/modules/services/networking/antennas.nix>
|
services.antennas.tunerCountNumbers of tuners in tvheadend.
Type: signed integer
Default: 6
Declared by:
<nixpkgs/nixos/modules/services/networking/antennas.nix>
|
services.antennas.tvheadendUrlURL of Tvheadend.
Type: string
Default: "http://localhost:9981"
Declared by:
<nixpkgs/nixos/modules/services/networking/antennas.nix>
|
services.apache-kafka.enableWhether to enable Apache Kafka.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.packageThe kafka package to use
Type: package
Default: pkgs.apacheKafka
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.brokerIdBroker ID.
Type: signed integer
Default: -1
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.extraPropertiesExtra properties for server.properties.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.hostnameHostname the broker should bind to.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.jreThe JRE with which to run Kafka
Type: package
Default: pkgs.apacheKafka.passthru.jre
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.jvmOptionsExtra command line options for the JVM running Kafka.
Type: list of string
Default: [ ]
Example:
[ "-Djava.net.preferIPv4Stack=true" "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.local.only=true" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.log4jPropertiesKafka log4j property configuration.
Type: strings concatenated with "\n"
Default:
'' log4j.rootLogger=INFO, stdout log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n ''
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.logDirsLog file directories
Type: list of path
Default:
[ "/tmp/kafka-logs" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.portPort number the broker should listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9092
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.serverPropertiesComplete server.properties content. Other server.properties config options will be ignored if this option is used.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apache-kafka.zookeeperZookeeper connection string
Type: string
Default: "localhost:2181"
Declared by:
<nixpkgs/nixos/modules/services/misc/apache-kafka.nix>
|
services.apcupsd.enableWhether to enable the APC UPS daemon. apcupsd monitors your UPS and permits orderly shutdown of your computer in the event of a power failure. User manual: http://www.apcupsd.com/manual/manual.html. Note that apcupsd runs as root (to allow shutdown of computer). You can check the status of your UPS with the "apcaccess" command.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
|
services.apcupsd.configTextContents of the runtime configuration file, apcupsd.conf. The default settings makes apcupsd autodetect USB UPSes, limit network access to localhost and shutdown the system when the battery level is below 50 percent, or when the UPS has calculated that it has 5 minutes or less of remaining power-on time. See man apcupsd.conf for details.
Type: strings concatenated with "\n"
Default:
'' UPSTYPE usb NISIP 127.0.0.1 BATTERYLEVEL 50 MINUTES 5 ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
|
services.apcupsd.hooksEach attribute in this option names an apcupsd event and the string value it contains will be executed in a shell, in response to that event (prior to the default action). See "man apccontrol" for the list of events and what they represent.
A hook script can stop apccontrol from doing its default action by exiting with value 99. Do not do this unless you know what you're doing.
Type: attribute set of strings concatenated with "\n"
Default: { }
Example:
{
doshutdown = "# shell commands to notify that the computer is shutting down";
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/apcupsd.nix>
|
services.arbtt.enableWhether to enable Arbtt statistics capture service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/arbtt.nix>
|
services.arbtt.packageThe package to use for the arbtt binaries.
Type: package
Default: pkgs.haskellPackages.arbtt
Declared by:
<nixpkgs/nixos/modules/services/monitoring/arbtt.nix>
|
services.arbtt.logFileThe log file for captured samples.
Type: string
Default: "%h/.arbtt/capture.log"
Example: "/home/username/.arbtt-capture.log"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/arbtt.nix>
|
services.arbtt.sampleRateThe sampling interval in seconds.
Type: signed integer
Default: 60
Example: 120
Declared by:
<nixpkgs/nixos/modules/services/monitoring/arbtt.nix>
|
services.archisteamfarm.enableIf enabled, starts the ArchisSteamFarm service. For configuring the SteamGuard token you will need to use the web-ui, which is enabled by default over on 127.0.0.1:1242. You cannot configure ASF in any way outside of nix, since all the config files get wiped on restart and replaced with the programnatically set ones by nix.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/asf.nix>
|
services.archisteamfarm.packagePackage to use. Should always be the latest version, for security reasons, since this module uses very new features and to not get out of sync with the Steam API.
Type: package
Default: pkgs.ArchiSteamFarm
Declared by:
<nixpkgs/nixos/modules/services/games/asf.nix>
|
services.archisteamfarm.botsBots name and configuration.
Type: attribute set of (submodule)
Default: { }
Example:
{
exampleBot = {
passwordFile = "/var/lib/asf/secrets/password";
settings = {
SteamParentalCode = "1234";
};
username = "alice";
};
}Declared by:
<nixpkgs/nixos/modules/services/games/asf.nix>
|
services.archisteamfarm.bots.<name>.enabledWhether to enable the bot on startup.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/games/asf.nix>
|
services.archisteamfarm.bots.<name>.passwordFilePath to a file containing the password. The file must be readable by the asf user/group.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/games/asf.nix>
|
services.archisteamfarm.bots.<name>.settingsAdditional settings that are documented here.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/games/asf.nix>
|
services.archisteamfarm.bots.<name>.usernameName of the user to log in. Default is attribute name.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/games/asf.nix>
|
services.archisteamfarm.dataDirThe ASF home directory used to store all data. If left as the default value this directory will automatically be created before the ASF server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default: "/var/lib/asf"
Declared by:
<nixpkgs/nixos/modules/services/games/asf.nix>
|
services.archisteamfarm.ipcPasswordFilePath to a file containing the password. The file must be readable by the asf user/group.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/asf.nix>
|
services.archisteamfarm.ipcSettingsSettings to write to IPC.config. All options can be found here.
Type: JSON value
Default: { }
Example:
{
Kestrel = {
Endpoints = {
HTTP = {
Url = "http://*:1242";
};
};
};
}Declared by:
<nixpkgs/nixos/modules/services/games/asf.nix>
|
services.archisteamfarm.settingsThe ASF.json file, all the options are documented here.
Do note that AutoRestart and UpdateChannel is always to false respectively 0 because NixOS takes care of updating everything.
Headless is also always set to true because there is no way to provide inputs via a systemd service.
You should try to keep ASF up to date since upstream does not provide support for anything but the latest version and you're exposing yourself to all kinds of issues - as is outlined here.
Type: JSON value
Default: { }
Example:
{
Statistics = false;
}Declared by:
<nixpkgs/nixos/modules/services/games/asf.nix>
|
services.archisteamfarm.web-uiThe Web-UI hosted on 127.0.0.1:1242.
Type: submodule
Default:
{
enable = true;
}Example:
{
enable = false;
}Declared by:
<nixpkgs/nixos/modules/services/games/asf.nix>
|
services.archisteamfarm.web-ui.enableWhether to start the web-ui. This is the preferred way of configuring things such as the steam guard token.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/asf.nix>
|
services.archisteamfarm.web-ui.packageWeb-UI package to use. Contents must be in lib/dist.
Type: package
Default: pkgs.ArchiSteamFarm.ui
Declared by:
<nixpkgs/nixos/modules/services/games/asf.nix>
|
services.aria2.enableWhether or not to enable the headless Aria2 daemon service.
Aria2 daemon can be controlled via the RPC interface using one of many WebUI (http://localhost:6800/ by default).
Targets are downloaded to /var/lib/aria2/Downloads by default and are accessible to users in the "aria2" group.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.downloadDirDirectory to store downloaded files.
Type: path
Default: "/var/lib/aria2/Downloads"
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.extraArgumentsAdditional arguments to be passed to Aria2.
Type: strings concatenated with " "
Default: ""
Example: "--rpc-listen-all --remote-time=true"
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.listenPortRangeSet UDP listening port range used by DHT(IPv4, IPv6) and UDP tracker.
Type: list of (attribute set)
Default:
[
{
from = 6881;
to = 6999;
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.openPortsOpen listen and RPC ports found in listenPortRange and rpcListenPort options in the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.rpcListenPortSpecify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535
Type: signed integer
Default: 6800
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.aria2.rpcSecretSet RPC secret authorization token. Read https://aria2.github.io/manual/en/html/aria2c.html#rpc-auth to know how this option value is used.
Type: string
Default: "aria2rpc"
Declared by:
<nixpkgs/nixos/modules/services/networking/aria2.nix>
|
services.asterisk.enableWhether to enable the Asterisk PBX server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.asterisk.packageThe Asterisk package to use.
Type: package
Default: pkgs.asterisk
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.asterisk.confFilesSets the content of config files (typically ending with
.conf) in the Asterisk configuration directory.
Note that if you want to change asterisk.conf, it
is preferable to use the services.asterisk.extraConfig
option over this option. If "asterisk.conf" is
specified with the confFiles option (not recommended),
you must be prepared to set your own astetcdir
path.
See http://www.asterisk.org/community/documentation for more examples of what is possible here.
Type: attribute set of string
Default: { }
Example:
{
"extensions.conf" = ''
[tests]
; Dial 100 for "hello, world"
exten => 100,1,Answer()
same => n,Wait(1)
same => n,Playback(hello-world)
same => n,Hangup()
[softphones]
include => tests
[unauthorized]
'';
"sip.conf" = ''
[general]
allowguest=no ; Require authentication
context=unauthorized ; Send unauthorized users to /dev/null
srvlookup=no ; Don't do DNS lookup
udpbindaddr=0.0.0.0 ; Listen on all interfaces
nat=force_rport,comedia ; Assume device is behind NAT
[softphone](!)
type=friend ; Match on username first, IP second
context=softphones ; Send to softphones context in
; extensions.conf file
host=dynamic ; Device will register with asterisk
disallow=all ; Manually specify codecs to allow
allow=g722
allow=ulaw
allow=alaw
[myphone](softphone)
secret=GhoshevFew ; Change this password!
'';
"logger.conf" = ''
[general]
[logfiles]
; Add debug output to log
syslog.local0 => notice,warning,error,debug
'';
}
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.asterisk.extraArgumentsAdditional command line arguments to pass to Asterisk.
Type: list of string
Default: [ ]
Example:
[ "-vvvddd" "-e" "1024" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.asterisk.extraConfigExtra configuration options appended to the default
asterisk.conf file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' [options] verbose=3 debug=3 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.asterisk.useTheseDefaultConfFilesSets these config files to the default content. The default value for
this option contains all necesscary files to avoid errors at startup.
This does not override settings via services.asterisk.confFiles.
Type: list of string
Default:
[ "ari.conf" "acl.conf" "agents.conf" "amd.conf" "calendar.conf" "cdr.conf" "cdr_syslog.conf" "cdr_custom.conf" "cel.conf" "cel_custom.conf" "cli_aliases.conf" "confbridge.conf" "dundi.conf" "features.conf" "hep.conf" "iax.conf" "pjsip.conf" "pjsip_wizard.conf" "phone.conf" "phoneprov.conf" "queues.conf" "res_config_sqlite3.conf" "res_parking.conf" "statsd.conf" "udptl.conf" "unistim.conf" ]
Example:
[ "sip.conf" "dundi.conf" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/asterisk.nix>
|
services.asusd.enableWhether to enable the asusd service for ASUS ROG laptops.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.enableUserServiceActivate the asusd-user service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.animeConfigThe content of /etc/asusd/anime.conf. See https://asus-linux.org/asusctl/#anime-control.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.asusdConfigThe content of /etc/asusd/asusd.conf. See https://asus-linux.org/asusctl/.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.auraConfigThe content of /etc/asusd/aura.conf. See https://asus-linux.org/asusctl/#led-keyboard-control.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.ledModesConfigThe content of /etc/asusd/asusd-ledmodes.toml. Leave null to use default settings.
See https://asus-linux.org/asusctl/#led-keyboard-control.
Type: null or TOML value
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.profileConfigThe content of /etc/asusd/profile.conf. See https://asus-linux.org/asusctl/#profiles.
Type: null or string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.asusd.userLedModesConfigThe content of /etc/asusd/asusd-user-ledmodes.toml. See https://asus-linux.org/asusctl/#led-keyboard-control.
Type: null or TOML value
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/asusd.nix>
|
services.atd.enableWhether to enable the at daemon, a command scheduler.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/atd.nix>
|
services.atd.allowEveryoneWhether to make /var/spool/at{jobs,spool}
writeable by everyone (and sticky). This is normally not
needed since the at commands are
setuid/setgid atd.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/atd.nix>
|
services.atftpd.enableWhether to enable the atftpd TFTP server. By default, the server binds to address 0.0.0.0.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/atftpd.nix>
|
services.atftpd.extraOptionsExtra command line arguments to pass to atftp.
Type: list of string
Default: [ ]
Example:
[ "--bind-address 192.168.9.1" "--verbose=7" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/atftpd.nix>
|
services.atftpd.rootDocument root directory for the atftpd.
Type: path
Default: "/srv/tftp"
Declared by:
<nixpkgs/nixos/modules/services/networking/atftpd.nix>
|
services.atuin.enableWhether to enable Enable server for shell history sync with atuin..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/atuin.nix>
|
services.atuin.hostThe host address the atuin server should listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/atuin.nix>
|
services.atuin.openFirewallOpen ports in the firewall for the atuin server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/atuin.nix>
|
services.atuin.openRegistrationAllow new user registrations with the atuin server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/atuin.nix>
|
services.atuin.pathA path to prepend to all the routes of the server.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/atuin.nix>
|
services.atuin.portThe port the atuin server should listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8888
Declared by:
<nixpkgs/nixos/modules/services/misc/atuin.nix>
|
services.auto-cpufreq.enableWhether to enable auto-cpufreq daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/auto-cpufreq.nix>
|
services.autofs.enableMount filesystems on demand. Unmount them automatically. You may also be interested in afuse.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/autofs.nix>
|
services.autofs.autoMasterContents of /etc/auto.master file. See auto.master(5) and autofs(5).
Type: string
Example:
let
mapConf = pkgs.writeText "auto" ''
kernel -ro,soft,intr ftp.kernel.org:/pub/linux
boot -fstype=ext2 :/dev/hda1
windoze -fstype=smbfs ://windoze/c
removable -fstype=ext2 :/dev/hdd
cd -fstype=iso9660,ro :/dev/hdc
floppy -fstype=auto :/dev/fd0
server -rw,hard,intr / -ro myserver.me.org:/ \
/usr myserver.me.org:/usr \
/home myserver.me.org:/home
'';
in ''
/auto file:${mapConf}
''
Declared by:
<nixpkgs/nixos/modules/services/misc/autofs.nix>
|
services.autofs.debugPass -d and -7 to automount and write log to the system journal.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/autofs.nix>
|
services.autofs.timeoutSet the global minimum timeout, in seconds, until directories are unmounted
Type: signed integer
Default: 600
Declared by:
<nixpkgs/nixos/modules/services/misc/autofs.nix>
|
services.automatic-timezoned.enableEnable automatic-timezoned, simple daemon for keeping the system
timezone up-to-date based on the current location. It uses geoclue2 to
determine the current location and systemd-timedated to actually set
the timezone.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/automatic-timezoned.nix>
|
services.automatic-timezoned.packageWhich automatic-timezoned package to use.
Type: package
Default: pkgs.automatic-timezoned
Declared by:
<nixpkgs/nixos/modules/services/system/automatic-timezoned.nix>
|
services.automysqlbackup.enableWhether to enable AutoMySQLBackup.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/automysqlbackup.nix>
|
services.automysqlbackup.calendarConfigured when to run the backup service systemd unit (DayOfWeek Year-Month-Day Hour:Minute:Second).
Type: string
Default: "01:15:00"
Declared by:
<nixpkgs/nixos/modules/services/backup/automysqlbackup.nix>
|
services.automysqlbackup.configautomysqlbackup configuration. Refer to
${pkgs.automysqlbackup}/etc/automysqlbackup.conf
for details on supported values.
Type: attribute set of (string or signed integer or boolean or list of string)
Default: { }
Example:
{
db_names = [ "nextcloud" "matomo" ];
table_exclude = [ "nextcloud.oc_users" "nextcloud.oc_whats_new" ];
mailcontent = "log";
mail_address = "admin@example.org";
}
Declared by:
<nixpkgs/nixos/modules/services/backup/automysqlbackup.nix>
|
services.autorandr.enableWhether to enable handling of hotplug and sleep events by autorandr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.defaultTargetFallback if no monitor layout can be detected. See the docs (https://github.com/phillipberndt/autorandr/blob/v1.0/README.md#how-to-use) for further reference.
Type: string
Default: "default"
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.hooksGlobal hook scripts
Type: submodule
Default: { }
Example:
{
postswitch = {
"notify-i3" = "${pkgs.i3}/bin/i3-msg restart";
"change-background" = readFile ./change-background.sh;
"change-dpi" = ''
case "$AUTORANDR_CURRENT_PROFILE" in
default)
DPI=120
;;
home)
DPI=192
;;
work)
DPI=144
;;
*)
echo "Unknown profle: $AUTORANDR_CURRENT_PROFILE"
exit 1
esac
echo "Xft.dpi: $DPI" | ${pkgs.xorg.xrdb}/bin/xrdb -merge
'';
};
}
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.hooks.postswitchPostswitch hook executed after mode switch.
Type: attribute set of strings concatenated with "\n"
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.hooks.predetectPredetect hook executed before autorandr attempts to run xrandr.
Type: attribute set of strings concatenated with "\n"
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.hooks.preswitchPreswitch hook executed before mode switch.
Type: attribute set of strings concatenated with "\n"
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profilesAutorandr profiles specification.
Type: attribute set of (submodule)
Default: { }
Example:
{
"work" = {
fingerprint = {
eDP1 = "<EDID>";
DP1 = "<EDID>";
};
config = {
eDP1.enable = false;
DP1 = {
enable = true;
crtc = 0;
primary = true;
position = "0x0";
mode = "3840x2160";
gamma = "1.0:0.909:0.833";
rate = "60.00";
rotate = "left";
};
};
hooks.postswitch = readFile ./work-postswitch.sh;
};
}
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.configPer output profile configuration.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.enableWhether to enable the output.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.crtcOutput video display controller.
Type: null or unsigned integer, meaning >=0
Default: null
Example: 0
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.dpiOutput DPI configuration.
Type: null or positive integer, meaning >0
Default: null
Example: 96
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.gammaOutput gamma configuration.
Type: string
Default: ""
Example: "1.0:0.909:0.833"
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.modeOutput resolution.
Type: string
Default: ""
Example: "3840x2160"
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.positionOutput position
Type: string
Default: ""
Example: "5760x0"
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.primaryWhether output should be marked as primary
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.rateOutput framerate.
Type: string
Default: ""
Example: "60.00"
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.rotateOutput rotate configuration.
Type: null or one of "normal", "left", "right", "inverted"
Default: null
Example: "left"
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.scaleOutput scale configuration.
Either configure by pixels or a scaling factor. When using pixel method the
xrandr(1)
option
--scale-from
will be used; when using factor method the option
--scale
will be used.
This option is a shortcut version of the transform option and they are mutually exclusive.
Type: null or (submodule)
Default: null
Example:
{
x = 1.25;
y = 1.25;
}
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.scale.methodOutput scaling method.
Type: one of "factor", "pixel"
Default: "factor"
Example: "pixel"
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.scale.xHorizontal scaling factor/pixels.
Type: floating point number or positive integer, meaning >0
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.scale.yVertical scaling factor/pixels.
Type: floating point number or positive integer, meaning >0
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.config.<name>.transformRefer to xrandr(1) for the documentation of the transform matrix.
Type: null or (3×3 matrix of floating point numbers)
Default: null
Example:
[ [ 0.6 0.0 0.0 ] [ 0.0 0.6 0.0 ] [ 0.0 0.0 1.0 ] ]
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.fingerprintOutput name to EDID mapping.
Use autorandr --fingerprint to get current setup values.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.hooksProfile hook scripts.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.hooks.postswitchPostswitch hook executed after mode switch.
Type: attribute set of strings concatenated with "\n"
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.hooks.predetectPredetect hook executed before autorandr attempts to run xrandr.
Type: attribute set of strings concatenated with "\n"
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autorandr.profiles.<name>.hooks.preswitchPreswitch hook executed before mode switch.
Type: attribute set of strings concatenated with "\n"
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/autorandr.nix>
|
services.autossh.sessionsList of AutoSSH sessions to start as systemd services. Each service is named 'autossh-{session.name}'.
Type: list of (submodule)
Default: [ ]
Example:
[
{
extraArguments = "-N -D4343 billremote@socks.host.net";
monitoringPort = 20000;
name = "socks-peer";
user = "bill";
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
|
services.autossh.sessions.*.extraArgumentsArguments to be passed to AutoSSH and retransmitted to SSH process. Some meaningful options include -N (don't run remote command), -D (open SOCKS proxy on local port), -R (forward remote port), -L (forward local port), -v (Enable debug). Check ssh manual for the complete list.
Type: strings concatenated with " "
Example: "-N -D4343 bill@socks.example.net"
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
|
services.autossh.sessions.*.monitoringPortPort to be used by AutoSSH for peer monitoring. Note, that AutoSSH also uses mport+1. Value of 0 disables the keep-alive style monitoring
Type: signed integer
Default: 0
Example: 20000
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
|
services.autossh.sessions.*.nameName of the local AutoSSH session
Type: string
Example: "socks-peer"
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
|
services.autossh.sessions.*.userName of the user the AutoSSH session should run as
Type: string
Example: "bill"
Declared by:
<nixpkgs/nixos/modules/services/networking/autossh.nix>
|
services.avahi.enableWhether to run the Avahi daemon, which allows Avahi clients to use Avahi's service discovery facilities and also allows the local machine to advertise its presence and services (through the mDNS responder implemented by `avahi-daemon').
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.allowPointToPointWhether to use POINTTOPOINT interfaces. Might make mDNS unreliable due to usually large latencies with such links and opens a potential security hole by allowing mDNS access from Internet connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.browseDomainsList of non-local DNS domains to be browsed.
Type: list of string
Default: [ ]
Example:
[ "0pointer.de" "zeroconf.org" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.cacheEntriesMaxNumber of resource records to be cached per interface. Use 0 to disable caching. Avahi daemon defaults to 4096 if not set.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.domainNameDomain name for all advertisements.
Type: string
Default: "local"
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.extraConfigExtra config to append to avahi-daemon.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.extraServiceFilesSpecify custom service definitions which are placed in the avahi service directory. See the avahi.service(5) manpage for detailed information.
Type: attribute set of (string or path)
Default: { }
Example:
{
ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
smb = ''
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
</service-group>
'';
}
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.hostNameHost name advertised on the LAN. If not set, avahi will use the value
of config.networking.hostName.
Type: string
Default: config.networking.hostName
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.interfacesList of network interfaces that should be used by the avahi-daemon.
Other interfaces will be ignored. If null, all local interfaces
except loopback and point-to-point will be used.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.ipv4Whether to use IPv4.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.ipv6Whether to use IPv6.
Type: boolean
Default: config.networking.enableIPv6
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.nssmdnsWhether to enable the mDNS NSS (Name Service Switch) plug-in. Enabling it allows applications to resolve names in the `.local' domain by transparently querying the Avahi daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.openFirewallWhether to open the firewall for UDP port 5353. Disabling this setting also disables discovering of network devices.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.enableWhether to allow publishing in general.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.addressesWhether to register mDNS address records for all local IP addresses.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.domainWhether to announce the locally used domain name for browsing by other hosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.hinfoWhether to register a mDNS HINFO record which contains information about the local operating system and CPU.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.userServicesWhether to publish user services. Will set addresses=true.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.publish.workstationWhether to register a service of type "_workstation._tcp" on the local LAN.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.reflectorReflect incoming mDNS requests to all allowed network interfaces.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.avahi.wideAreaWhether to enable wide-area service discovery.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/avahi-daemon.nix>
|
services.awstats.enableWhether to enable awstats.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configsAttribute set of domains to collect stats for.
Type: attribute set of (submodule)
Default: { }
Example:
{
"mysite" = {
domain = "example.com";
logFile = "/var/log/nginx/access.log";
};
}
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.domainThe domain name to collect stats for.
Type: string
Default: "‹name›"
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.extraConfigExtra configuration to be appended to awstats.${name}.conf.
Type: attribute set of string
Default: { }
Example:
{
"ValidHTTPCodes" = "404";
}
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.hostAliasesList of aliases the site has.
Type: list of string
Default: [ ]
Example:
[ "www.example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.logFileThe log file to be scanned.
For mail, set this to
journalctl $OLD_CURSOR -u postfix.service | ${pkgs.perl}/bin/perl ${pkgs.awstats.out}/share/awstats/tools/maillogconvert.pl standard |
Type: string
Example: "/var/log/nginx/access.log"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.logFormatThe log format being used.
For mail, set this to
%time2 %email %email_r %host %host_r %method %url %code %bytesd
Type: string
Default: "1"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.typeThe type of log being collected.
Type: one of "mail", "web"
Default: "web"
Example: "mail"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.webService.enableWhether to enable awstats web service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.webService.hostnameThe hostname the web service appears under.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.configs.<name>.webService.urlPrefixThe URL prefix under which the awstats pages appear.
Type: string
Default: "/awstats"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.dataDirThe directory where awstats data will be stored.
Type: path
Default: "/var/lib/awstats"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.awstats.updateAtSpecification of the time at which awstats will get updated. (in the format described by systemd.time(7))
Type: null or string
Default: null
Example: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/logging/awstats.nix>
|
services.babeld.enableWhether to enable the babeld network routing daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/babeld.nix>
|
services.babeld.extraConfigOptions that will be copied to babeld.conf. See babeld(8) for details.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/babeld.nix>
|
services.babeld.interfaceDefaultsA set describing default parameters for babeld interfaces. See babeld(8) for options.
Type: null or (attribute set of unspecified value)
Default: null
Example:
{
split-horizon = true;
type = "tunnel";
}Declared by:
<nixpkgs/nixos/modules/services/networking/babeld.nix>
|
services.babeld.interfacesA set describing babeld interfaces. See babeld(8) for options.
Type: attribute set of attribute set of unspecified value
Default: { }
Example:
{
enp0s2 = {
hello-interval = 5;
split-horizon = "auto";
type = "wired";
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/babeld.nix>
|
services.bacula-dir.enableWhether to enable Bacula Director Daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.extraConfigExtra configuration for Bacula Director Daemon.
Type: strings concatenated with "\n"
Default: ""
Example:
'' TODO ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.extraDirectorConfigExtra configuration to be passed in Director directive.
Type: strings concatenated with "\n"
Default: ""
Example:
'' Maximum Concurrent Jobs = 20; Heartbeat Interval = 30; ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.extraMessagesConfigExtra configuration to be passed in Messages directive.
Type: strings concatenated with "\n"
Default: ""
Example:
'' console = all ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.nameThe director name used by the system administrator. This directive is required.
Type: string
Default: "${config.networking.hostName}-dir"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.passwordSpecifies the password that must be supplied for a Director.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-dir.portSpecify the port (a positive integer) on which the Director daemon will listen for Bacula Console connections. This same port number must be specified in the Director resource of the Console configuration file. The default is 9101, so normally this directive need not be specified. This directive should not be used if you specify DirAddresses (N.B plural) directive.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9101
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.enableWhether to enable the Bacula File Daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.directorThis option defines director resources in Bacula File Daemon.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.director.<name>.monitorIf Monitor is set to no, this director will have
full access to this Storage daemon. If Monitor is set to
yes, this director will only be able to fetch the
current status of this Storage daemon.
Please note that if this director is being used by a Monitor, we highly recommend to set this directive to yes to avoid serious security problems.
Type: one of "no", "yes"
Default: "no"
Example: "yes"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.director.<name>.passwordSpecifies the password that must be supplied for the default Bacula Console to be authorized. The same password must appear in the Director resource of the Console configuration file. For added security, the password is never passed across the network but instead a challenge response hash code created with the password. This directive is required. If you have either /dev/random or bc on your machine, Bacula will generate a random password during the configuration process, otherwise it will be left blank and you must manually supply it.
The password is plain text. It is not generated through any special process but as noted above, it is better to use random text for security reasons.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.extraClientConfigExtra configuration to be passed in Client directive.
Type: strings concatenated with "\n"
Default: ""
Example:
'' Maximum Concurrent Jobs = 20; Heartbeat Interval = 30; ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.extraMessagesConfigExtra configuration to be passed in Messages directive.
Type: strings concatenated with "\n"
Default: ""
Example:
'' console = all ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.nameThe client name that must be used by the Director when connecting. Generally, it is a good idea to use a name related to the machine so that error messages can be easily identified if you have multiple Clients. This directive is required.
Type: string
Default: "${config.networking.hostName}-fd"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-fd.portThis specifies the port number on which the Client listens for Director connections. It must agree with the FDPort specified in the Client resource of the Director's configuration file.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9102
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.enableWhether to enable Bacula Storage Daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.autochangerThis option defines Autochanger resources in Bacula Storage Daemon.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.autochanger.<name>.changerCommandThe name-string specifies an external program to be called that will automatically change volumes as required by Bacula. Normally, this directive will be specified only in the AutoChanger resource, which is then used for all devices. However, you may also specify the different Changer Command in each Device resource. Most frequently, you will specify the Bacula supplied mtx-changer script as follows:
"/path/mtx-changer %c %o %S %a %d"
and you will install the mtx on your system (found in the depkgs release). An example of this command is in the default bacula-sd.conf file. For more details on the substitution characters that may be specified to configure your autochanger please see the AutochangersAutochangersChapter chapter of this manual. For FreeBSD users, you might want to see one of the several chio scripts in examples/autochangers.
Type: string
Default: "/etc/bacula/mtx-changer %c %o %S %a %d"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.autochanger.<name>.changerDeviceThe specified name-string must be the generic SCSI device name of the
autochanger that corresponds to the normal read/write Archive Device
specified in the Device resource. This generic SCSI device name
should be specified if you have an autochanger or if you have a
standard tape drive and want to use the Alert Command (see below).
For example, on Linux systems, for an Archive Device name of
/dev/nst0, you would specify
/dev/sg0 for the Changer Device name. Depending
on your exact configuration, and the number of autochangers or the
type of autochanger, what you specify here can vary. This directive
is optional. See the Using AutochangersAutochangersChapter chapter of
this manual for more details of using this and the following
autochanger directives.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.autochanger.<name>.devices
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.autochanger.<name>.extraAutochangerConfigExtra configuration to be passed in Autochanger directive.
Type: strings concatenated with "\n"
Default: ""
Example:
'' ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.deviceThis option defines Device resources in Bacula Storage Daemon.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.device.<name>.archiveDeviceThe specified name-string gives the system file name of the storage
device managed by this storage daemon. This will usually be the
device file name of a removable storage device (tape drive), for
example /dev/nst0 or
/dev/rmt/0mbn. For a DVD-writer, it will be for
example /dev/hdc. It may also be a directory name
if you are archiving to disk storage. In this case, you must supply
the full absolute path to the directory. When specifying a tape
device, it is preferable that the "non-rewind" variant of the device
file name be given.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.device.<name>.extraDeviceConfigExtra configuration to be passed in Device directive.
Type: strings concatenated with "\n"
Default: ""
Example:
'' LabelMedia = yes Random Access = no AutomaticMount = no RemovableMedia = no MaximumOpenWait = 60 AlwaysOpen = no ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.device.<name>.mediaTypeThe specified name-string names the type of media supported by this
device, for example, DLT7000. Media type names are
arbitrary in that you set them to anything you want, but they must be
known to the volume database to keep track of which storage daemons
can read which volumes. In general, each different storage type
should have a unique Media Type associated with it. The same
name-string must appear in the appropriate Storage resource
definition in the Director's configuration file.
Even though the names you assign are arbitrary (i.e. you choose the name you want), you should take care in specifying them because the Media Type is used to determine which storage device Bacula will select during restore. Thus you should probably use the same Media Type specification for all drives where the Media can be freely interchanged. This is not generally an issue if you have a single Storage daemon, but it is with multiple Storage daemons, especially if they have incompatible media.
For example, if you specify a Media Type of DDS-4
then during the restore, Bacula will be able to choose any Storage
Daemon that handles DDS-4. If you have an
autochanger, you might want to name the Media Type in a way that is
unique to the autochanger, unless you wish to possibly use the
Volumes in other drives. You should also ensure to have unique Media
Type names if the Media is not compatible between drives. This
specification is required for all devices.
In addition, if you are using disk storage, each Device resource will generally have a different mount point or directory. In order for Bacula to select the correct Device resource, each one must have a unique Media Type.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.directorThis option defines Director resources in Bacula Storage Daemon.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.director.<name>.monitorIf Monitor is set to no, this director will have
full access to this Storage daemon. If Monitor is set to
yes, this director will only be able to fetch the
current status of this Storage daemon.
Please note that if this director is being used by a Monitor, we highly recommend to set this directive to yes to avoid serious security problems.
Type: one of "no", "yes"
Default: "no"
Example: "yes"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.director.<name>.passwordSpecifies the password that must be supplied for the default Bacula Console to be authorized. The same password must appear in the Director resource of the Console configuration file. For added security, the password is never passed across the network but instead a challenge response hash code created with the password. This directive is required. If you have either /dev/random or bc on your machine, Bacula will generate a random password during the configuration process, otherwise it will be left blank and you must manually supply it.
The password is plain text. It is not generated through any special process but as noted above, it is better to use random text for security reasons.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.extraMessagesConfigExtra configuration to be passed in Messages directive.
Type: strings concatenated with "\n"
Default: ""
Example:
'' console = all ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.extraStorageConfigExtra configuration to be passed in Storage directive.
Type: strings concatenated with "\n"
Default: ""
Example:
'' Maximum Concurrent Jobs = 20; Heartbeat Interval = 30; ''
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.nameSpecifies the Name of the Storage daemon.
Type: string
Default: "${config.networking.hostName}-sd"
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.bacula-sd.portSpecifies port number on which the Storage daemon listens for Director connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9103
Declared by:
<nixpkgs/nixos/modules/services/backup/bacula.nix>
|
services.baget.enableWhether to enable BaGet NuGet-compatible server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/baget.nix>
|
services.baget.apiKeyFilePrivate API key for BaGet.
Type: path
Example: "/root/baget.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/baget.nix>
|
services.baget.extraConfigExtra configuration options for BaGet. Refer to https://loic-sharma.github.io/BaGet/configuration/ for details. Default value is merged with values from here.
Type: JSON value
Default:
{
"PackageDeletionBehavior" = "Unlist";
"AllowPackageOverwrites" = false;
"Database" = {
"Type" = "Sqlite";
"ConnectionString" = "Data Source=baget.db";
};
"Storage" = {
"Type" = "FileSystem";
"Path" = "";
};
"Search" = {
"Type" = "Database";
};
"Mirror" = {
"Enabled" = false;
"PackageSource" = "https://api.nuget.org/v3/index.json";
};
"Logging" = {
"IncludeScopes" = false;
"Debug" = {
"LogLevel" = {
"Default" = "Warning";
};
};
"Console" = {
"LogLevel" = {
"Microsoft.Hosting.Lifetime" = "Information";
"Default" = "Warning";
};
};
};
}
Example:
{
Database = {
ConnectionString = "Server=/run/postgresql;Port=5432;";
Type = "PostgreSql";
};
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/baget.nix>
|
services.bamf.enableWhether to enable bamf.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/bamf.nix>
|
services.bazarr.enableWhether to enable bazarr, a subtitle manager for Sonarr and Radarr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/bazarr.nix>
|
services.bazarr.groupGroup under which bazarr runs.
Type: string
Default: "bazarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/bazarr.nix>
|
services.bazarr.listenPortPort on which the bazarr web interface should listen
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6767
Declared by:
<nixpkgs/nixos/modules/services/misc/bazarr.nix>
|
services.bazarr.openFirewallOpen ports in the firewall for the bazarr web interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/bazarr.nix>
|
services.bazarr.userUser account under which bazarr runs.
Type: string
Default: "bazarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/bazarr.nix>
|
services.beanstalkd.enableWhether to enable the Beanstalk work queue.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/beanstalkd.nix>
|
services.beanstalkd.listen.addressIP address to listen on.
Type: string
Default: "127.0.0.1"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/beanstalkd.nix>
|
services.beanstalkd.listen.portTCP port that will be used to accept client connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 11300
Declared by:
<nixpkgs/nixos/modules/services/misc/beanstalkd.nix>
|
services.beanstalkd.openFirewallWhether to open ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/beanstalkd.nix>
|
services.bee.enableWhether to enable Ethereum Swarm Bee.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
|
services.bee.packageThe package providing the bee binary for the service.
Type: package
Default: pkgs.bee
Example: pkgs.bee-unstable
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
|
services.bee.daemonNiceLevelDaemon process priority for bee. 0 is the default Unix process priority, 19 is the lowest.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
|
services.bee.groupGroup the bee binary should execute under.
Type: string
Default: "bee"
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
|
services.bee.settingsEthereum Swarm Bee configuration. Refer to https://gateway.ethswarm.org/bzz/docs.swarm.eth/docs/installation/configuration/ for details on supported values.
Type: YAML value
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
|
services.bee.userUser the bee binary should execute under.
Type: string
Default: "bee"
Declared by:
<nixpkgs/nixos/modules/services/networking/bee.nix>
|
services.bee-clef.enableWhether to enable clef external signer instance for Ethereum Swarm Bee.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bee-clef.nix>
|
services.bee-clef.dataDirData dir for bee-clef. Beware that some helper scripts may not work when changed! The service itself should work fine, though.
Type: null or string
Default: "/var/lib/bee-clef"
Declared by:
<nixpkgs/nixos/modules/services/networking/bee-clef.nix>
|
services.bee-clef.groupGroup the bee-clef daemon should execute under.
Type: string
Default: "bee-clef"
Declared by:
<nixpkgs/nixos/modules/services/networking/bee-clef.nix>
|
services.bee-clef.passwordFilePassword file for bee-clef.
Type: null or string
Default: "/var/lib/bee-clef/password"
Declared by:
<nixpkgs/nixos/modules/services/networking/bee-clef.nix>
|
services.bee-clef.userUser the bee-clef daemon should execute under.
Type: string
Default: "bee-clef"
Declared by:
<nixpkgs/nixos/modules/services/networking/bee-clef.nix>
|
services.beesd.filesystemsBTRFS filesystems to run block-level deduplication on.
Type: attribute set of (submodule)
Default: { }
Example:
{
root = {
spec = "LABEL=root";
hashTableSizeMB = 2048;
verbosity = "crit";
extraOptions = [ "--loadavg-target" "5.0" ];
};
}
Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
|
services.beesd.filesystems.<name>.extraOptionsExtra command-line options passed to the daemon. See upstream bees documentation.
Type: list of string
Default: [ ]
Example:
[ "--thread-count" "4" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
|
services.beesd.filesystems.<name>.hashTableSizeMBHash table size in MB; must be a multiple of 16.
A larger ratio of index size to storage size means smaller blocks of duplicate content are recognized.
If you have 1TB of data, a 4GB hash table (which is to say, a value of 4096) will permit 4KB extents (the smallest possible size) to be recognized, whereas a value of 1024 -- creating a 1GB hash table -- will recognize only aligned duplicate blocks of 16KB.
Type: signed integer
Default: 1024
Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
|
services.beesd.filesystems.<name>.specDescription of how to identify the filesystem to be duplicated by this instance of bees. Note that deduplication crosses subvolumes; one must not configure multiple instances for subvolumes of the same filesystem (or block devices which are part of the same filesystem), but only for completely independent btrfs filesystems.
This must be in a format usable by findmnt; that could be a key=value pair, or a bare path to a mount point. Using bare paths will allow systemd to start the beesd service only after mounting the associated path.
Type: string
Example: "LABEL=MyBulkDataDrive"
Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
|
services.beesd.filesystems.<name>.verbosityLog verbosity (syslog keyword/level).
Type: one of "alert", "crit", "debug", "emerg", "err", "info", "notice", "warning", 1, 2, 7, 0, 3, 6, 5, 4
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
|
services.beesd.filesystems.<name>.workDirName (relative to the root of the filesystem) of the subvolume where the hash table will be stored.
Type: string
Default: ".beeshome"
Declared by:
<nixpkgs/nixos/modules/services/misc/bees.nix>
|
services.bepasty.enableWhether to enable Bepasty servers.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.serversconfigure a number of bepasty servers which will be started with gunicorn.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.bindBind address to be used for this server.
Type: string
Default: "127.0.0.1:8000"
Example: "0.0.0.0:8000"
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.dataDirPath to the directory where the pastes will be saved to
Type: string
Default: "/var/lib/bepasty/data"
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.defaultPermissionsdefault permissions for all unauthenticated accesses.
Type: string
Default: "read"
Example: "read,create,delete"
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.extraConfigExtra configuration for bepasty server to be appended on the configuration. see https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty for all options.
Type: strings concatenated with "\n"
Default: ""
Example:
''
PERMISSIONS = {
'myadminsecret': 'admin,list,create,read,delete',
}
MAX_ALLOWED_FILE_SIZE = 5 * 1000 * 1000
''Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.secretKeyserver secret for safe session cookies, must be set.
Warning: this secret is stored in the WORLD-READABLE Nix store!
It's recommended to use secretKeyFile
which takes precedence over secretKey.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.secretKeyFileA file that contains the server secret for safe session cookies, must be set.
secretKeyFile takes precedence over secretKey.
Warning: when secretKey is non-empty secretKeyFile
defaults to a file in the WORLD-READABLE Nix store containing that secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.bepasty.servers.<name>.workDirPath to the working directory (used for config and pidfile). Defaults to the users home directory.
Type: string
Default: "/var/lib/bepasty"
Declared by:
<nixpkgs/nixos/modules/services/misc/bepasty.nix>
|
services.biboumi.enableWhether to enable the Biboumi XMPP gateway to IRC.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.credentialsFilePath to a configuration file to be merged with the settings. Beware not to surround "=" with spaces when setting biboumi's options in this file. Useful to merge a file which is better kept out of the Nix store because it contains sensible data like password.
Type: path
Default: "/dev/null"
Example: "/run/keys/biboumi.cfg"
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.openFirewallWhether to enable opening of the identd port in the firewall.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settingsSee biboumi 8.5 for documentation.
Type: settings option
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.adminThe bare JID of the gateway administrator. This JID will have more privileges than other standard users, for example some administration ad-hoc commands will only be available to that JID.
Type: list of string
Default: [ ]
Example:
[ "admin@example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.ca_fileSpecifies which file should be used as the list of trusted CA when negotiating a TLS session.
Type: path
Default: "/etc/ssl/certs/ca-certificates.crt"
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.db_nameThe name of the database to use.
Type: path or string
Default: "/var/lib/biboumi/biboumi.sqlite"
Example: "postgresql://user:secret@localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.hostnameThe hostname served by the XMPP gateway. This domain must be configured in the XMPP server as an external component.
Type: string
Example: "biboumi.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.identd_portThe TCP port on which to listen for identd queries.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 113
Example: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.log_levelIndicate what type of log messages to write in the logs. 0 is debug, 1 is info, 2 is warning, 3 is error.
Type: integer between 0 and 3 (both inclusive)
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.passwordThe password used to authenticate the XMPP component to your XMPP server. This password must be configured in the XMPP server, associated with the external component on hostname.
Set it to null and use credentialsFile if you do not want this password to go into the Nix store.
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.persistent_by_defaultWhether all rooms will be persistent by default: the value of the “persistent” option in the global configuration of each user will be “true”, but the value of each individual room will still default to false. This means that a user just needs to change the global “persistent” configuration option to false in order to override this.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.policy_directoryA directory that should contain the policy files, used to customize Botan’s behaviour when negotiating the TLS connections with the IRC servers.
Type: path
Default: "${pkgs.biboumi}/etc/biboumi"
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.portThe TCP port to use to connect to the local XMPP component.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5347
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.realname_customizationWhether the users will be able to use the ad-hoc commands that lets them configure their realname and username.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.realname_from_jidWhether the realname and username of each biboumi user will be extracted from their JID. Otherwise they will be set to the nick they used to connect to the IRC server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.biboumi.settings.xmpp_server_ipThe IP address to connect to the XMPP server on. The connection to the XMPP server is unencrypted, so the biboumi instance and the server should normally be on the same host.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/biboumi.nix>
|
services.bind.enableWhether to enable BIND domain name server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.packageThe BIND package to use.
Type: package
Default: pkgs.bind
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.blockedNetworksWhat networks are just blocked.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.cacheNetworksWhat networks are allowed to use us as a resolver. Note
that this is for recursive queries -- all networks are
allowed to query zones configured with the zones option.
It is recommended that you limit cacheNetworks to avoid your
server being used for DNS amplification attacks.
Type: list of string
Default:
[ "127.0.0.0/24" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.configFileOverridable config file to use for named. By default, that generated by nixos.
Type: path
Default: confFile
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.directoryWorking directory of BIND.
Type: string
Default: "/run/named"
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.extraConfigExtra lines to be added verbatim to the generated named configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.extraOptionsExtra lines to be added verbatim to the options section of the generated named configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.forwardWhether to forward 'first' (try forwarding but lookup directly if forwarding fails) or 'only'.
Type: one of "first", "only"
Default: "first"
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.forwardersList of servers we should forward requests to.
Type: list of string
Default: config.networking.nameservers
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.ipv4OnlyOnly use ipv4, even if the host supports ipv6.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.listenOnInterfaces to listen on.
Type: list of string
Default:
[ "any" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.listenOnIpv6Ipv6 interfaces to listen on.
Type: list of string
Default:
[ "any" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.zonesList of zones we claim authority over.
Type: (attribute set of (submodule)) or (list of (attribute set)) convertible to it
Default: [ ]
Example:
{
"example.com" = {
extraConfig = "";
file = "/var/dns/example.com";
master = false;
masters = [
"192.168.0.1"
];
slaves = [ ];
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.zones.<name>.extraConfigExtra zone config to be appended at the end of the zone section.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.zones.<name>.fileZone file resource records contain columns of data, separated by whitespace, that define the record.
Type: string or path
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.zones.<name>.masterMaster=false means slave server
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.zones.<name>.mastersList of servers for inclusion in stub and secondary zones.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.zones.<name>.nameName of the zone.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bind.zones.<name>.slavesAddresses who may request zone transfers.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bind.nix>
|
services.bird-lg.packageThe Bird Looking Glass package to use.
Type: package
Default: pkgs.bird-lg
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.enableWhether to enable Bird Looking Glass Frontend Webserver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.bgpMapInfoInformation displayed in bgpmap.
Type: list of string
Default:
[ "asn" "as-name" "ASName" "descr" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.dnsInterfaceDNS zone to query ASN information.
Type: string
Default: "asn.cymru.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.domainServer name domain suffixes.
Type: string
Default: ""
Example: "dn42.lantian.pub"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.extraArgsExtra parameters documented here.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.listenAddressAddress to listen on.
Type: string
Default: "127.0.0.1:5000"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.nameFilterProtocol names to hide in summary tables (RE2 syntax),
Type: string
Default: ""
Example: "^ospf"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.navbar.allServersText of 'All server' button in the navigation bar.
Type: string
Default: "ALL Servers"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.navbar.allServersURLURL of 'All servers' button.
Type: string
Default: "all"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.navbar.brandBrand to show in the navigation bar .
Type: string
Default: "Bird-lg Go"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.navbar.brandURLURL of the brand to show in the navigation bar.
Type: string
Default: "/"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.netSpecificModeApply network-specific changes for some networks.
Type: string
Default: ""
Example: "dn42"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.protocolFilterInformation displayed in bgpmap.
Type: list of string
Default: [ ]
Example:
[ "ospf" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.proxyPortPort bird-lg-proxy is running on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8000
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.serversServer name prefixes.
Type: list of string
Default: [ ]
Example:
[ "gigsgigscloud" "hostdare" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.timeoutTime before request timed out, in seconds.
Type: signed integer
Default: 120
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.titleBrandPrefix of page titles in browser tabs.
Type: string
Default: "Bird-lg Go"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.frontend.whoisWhois server for queries.
Type: string
Default: "whois.verisign-grs.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.groupGroup to run the service.
Type: string
Default: "bird-lg"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.proxy.enableWhether to enable Bird Looking Glass Proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.proxy.allowedIPsList of IPs to allow (default all allowed).
Type: list of string
Default: [ ]
Example:
[ "192.168.25.52" "192.168.25.53" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.proxy.birdSocketBird control socket path.
Type: string
Default: "/run/bird.ctl"
Example: "/var/run/bird/bird.ctl"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.proxy.extraArgsExtra parameters documented here.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.proxy.listenAddressAddress to listen on.
Type: string
Default: "127.0.0.1:8000"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.proxy.traceroute.binaryTraceroute's binary path.
Type: string
Default: "${pkgs.traceroute}/bin/traceroute"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.proxy.traceroute.rawOutputDisplay traceroute output in raw format.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird-lg.userUser to run the service.
Type: string
Default: "bird-lg"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird-lg.nix>
|
services.bird2.enableWhether to enable BIRD Internet Routing Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
|
services.bird2.checkConfigWhether the config should be checked at build time.
When the config can't be checked during build time, for example when it includes
other files, either disable this option or use preCheckConfig to create
the included files before checking.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
|
services.bird2.configBIRD Internet Routing Daemon configuration file. http://bird.network.cz/
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
|
services.bird2.preCheckConfigCommands to execute before the config file check. The file to be checked will be
available as bird2.conf in the current directory.
Files created with this option will not be available at service runtime, only during build time checking.
Type: strings concatenated with "\n"
Default: ""
Example:
'' echo "cost 100;" > include.conf ''
Declared by:
<nixpkgs/nixos/modules/services/networking/bird.nix>
|
services.bitcoindSpecification of one or more bitcoind instances.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.enableWhether to enable Bitcoin daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.packageThe package providing bitcoin binaries.
Type: package
Default: pkgs.bitcoind
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.configFileThe configuration file path to supply bitcoind.
Type: null or path
Default: null
Example: "/var/lib/‹name›/bitcoin.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.dataDirThe data directory for bitcoind.
Type: path
Default: "/var/lib/bitcoind-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.dbCacheOverride the default database cache size in MiB.
Type: null or integer between 4 and 16384 (both inclusive)
Default: null
Example: 4000
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.extraCmdlineOptionsExtra command line options to pass to bitcoind. Run bitcoind --help to list all available options.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.extraConfigAdditional configurations to be appended to bitcoin.conf.
Type: strings concatenated with "\n"
Default: ""
Example:
'' par=16 rpcthreads=16 logips=1 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.groupThe group as which to run bitcoind.
Type: string
Default: "bitcoind-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.pidFileLocation of bitcoind pid file.
Type: path
Default: "/var/lib/bitcoind-‹name›/bitcoind.pid"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.portOverride the default port on which to listen for connections.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.pruneReduce storage requirements by enabling pruning (deleting) of old blocks. This allows the pruneblockchain RPC to be called to delete specific blocks, and enables automatic pruning of old blocks if a target size in MiB is provided. This mode is incompatible with -txindex and -rescan. Warning: Reverting this setting requires re-downloading the entire blockchain. ("disable" = disable pruning blocks, "manual" = allow manual pruning via RPC, >=550 = automatically prune block files to stay under the specified target size in MiB).
Type: null or (unsigned integer, meaning >=0 or (one of "disable", "manual") convertible to it)
Default: null
Example: 10000
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.rpc.portOverride the default port on which to listen for JSON-RPC connections.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.rpc.usersRPC user information for JSON-RPC connections.
Type: attribute set of (submodule)
Default: { }
Example:
{
alice.passwordHMAC = "f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae";
bob.passwordHMAC = "b2dd077cb54591a2f3139e69a897ac$4e71f08d48b4347cf8eff3815c0e25ae2e9a4340474079f55705f40574f4ec99";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.rpc.users.<name>.nameUsername for JSON-RPC connections.
Type: string
Example: "alice"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.rpc.users.<name>.passwordHMACPassword HMAC-SHA-256 for JSON-RPC connections. Must be a string of the format <SALT-HEX>$<HMAC-HEX>.
Tool (Python script) for HMAC generation is available here: https://github.com/bitcoin/bitcoin/blob/master/share/rpcauth/rpcauth.py
Type: string matching the pattern [0-9a-f]+\$[0-9a-f]{64}
Example: "f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.testnetWhether to use the testnet instead of mainnet.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitcoind.<name>.userThe user as which to run bitcoind.
Type: string
Default: "bitcoind-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitcoind.nix>
|
services.bitlbee.enableWhether to run the BitlBee IRC to other chat network gateway. Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat networks via an IRC client.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.authBackendHow users are authenticated storage -- save passwords internally pam -- Linux PAM authentication
Type: one of "storage", "pam"
Default: "storage"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.authModeThe following authentication modes are available: Open -- Accept connections from anyone, use NickServ for user authentication. Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all. Registered -- Only allow registered users to use this server; this disables the register- and the account command until the user identifies himself.
Type: one of "Open", "Closed", "Registered"
Default: "Open"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.configDirSpecify an alternative directory to store all the per-user configuration files.
Type: path
Default: "/var/lib/bitlbee"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.extraDefaultsWill be inserted in the Default section of the config file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.extraSettingsWill be inserted in the Settings section of the config file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.hostNameNormally, BitlBee gets a hostname using getsockname(). If you have a nicer alias for your BitlBee daemon, you can set it here and BitlBee will identify itself with that name instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.interfaceThe interface the BitlBee daemon will be listening to. If 127.0.0.1,
only clients on the local host can connect to it; if 0.0.0.0, clients
can access it from any network interface.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.libpurple_pluginsThe list of libpurple plugins to install.
Type: list of package
Default: [ ]
Example: [ pkgs.purple-matrix ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.pluginsThe list of bitlbee plugins to install.
Type: list of package
Default: [ ]
Example: [ pkgs.bitlbee-facebook ]
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.portNumberNumber of the port BitlBee will be listening to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6667
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.bitlbee.protocolsThis option allows to remove the support of protocol, even if compiled in. If nothing is given, there are no restrictions.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/bitlbee.nix>
|
services.blackfire-agent.enableWhether to enable Blackfire profiler agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/development/blackfire.nix>
|
services.blackfire-agent.settingsSee https://blackfire.io/docs/up-and-running/configuration/agent
Type: attribute set of string
Declared by:
<nixpkgs/nixos/modules/services/development/blackfire.nix>
|
services.blackfire-agent.settings.server-idSets the server id used to authenticate with Blackfire
You can find your personal server-id at https://blackfire.io/my/settings/credentials
Type: string
Declared by:
<nixpkgs/nixos/modules/services/development/blackfire.nix>
|
services.blackfire-agent.settings.server-tokenSets the server token used to authenticate with Blackfire
You can find your personal server-token at https://blackfire.io/my/settings/credentials
Type: string
Declared by:
<nixpkgs/nixos/modules/services/development/blackfire.nix>
|
services.blockbook-frontendSpecification of one or more blockbook-frontend instances.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.enableWhether to enable blockbook-frontend application..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.packageWhich blockbook package to use.
Type: package
Default: pkgs.blockbook
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.certFileTo enable SSL, specify path to the name of certificate files without extension.
Expecting certFile.crt and certFile.key.
Type: null or path
Default: null
Example: "/etc/secrets/blockbook-frontend-‹name›/certFile"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.coinNameSee https://github.com/trezor/blockbook/blob/master/bchain/coins/blockchain.go#L61 for current of coins supported in master (Note: may differ from release).
Type: string
Default: "Bitcoin"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.configFileLocation of the blockbook configuration file.
Type: null or path
Default: null
Example: "/var/lib/blockbook-frontend-‹name›/config.json"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.cssDirLocation of the dir with main.css CSS file.
By default, the one shipped with the package is used.
Type: path
Default: "${package}/share/css/"
Example: "${dataDir}/static/css/"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.dataDirLocation of blockbook-frontend-‹name› data directory.
Type: path
Default: "/var/lib/blockbook-frontend-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.debugDebug mode, return more verbose errors, reload templates on each request.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.extraCmdLineOptionsExtra command line options to pass to Blockbook. Run blockbook --help to list all available options.
Type: list of string
Default: [ ]
Example:
[ "-workers=1" "-dbcache=0" "-logtosderr" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.extraConfigAdditional configurations to be appended to coin.conf.
Overrides any already defined configuration options.
See https://github.com/trezor/blockbook/tree/master/configs/coins
for current configuration options supported in master (Note: may differ from release).
Type: attribute set
Default: { }
Example:
{
"alternative_estimate_fee" = "whatthefee-disabled";
"alternative_estimate_fee_params" = "{\"url\": \"https://whatthefee.io/data.json\", \"periodSeconds\": 60}";
"fiat_rates" = "coingecko";
"fiat_rates_params" = "{\"url\": \"https://api.coingecko.com/api/v3\", \"coin\": \"bitcoin\", \"periodSeconds\": 60}";
"coin_shortcut" = "BTC";
"coin_label" = "Bitcoin";
"parse" = true;
"subversion" = "";
"address_format" = "";
"xpub_magic" = 76067358;
"xpub_magic_segwit_p2sh" = 77429938;
"xpub_magic_segwit_native" = 78792518;
"mempool_workers" = 8;
"mempool_sub_workers" = 2;
"block_addresses_to_keep" = 300;
}Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.groupThe group as which to run blockbook-frontend-‹name›.
Type: string
Default: "blockbook-frontend-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.internalInternal http server binding [address]:port.
Type: null or string
Default: ":9030"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.messageQueueBindingMessage Queue Binding address:port.
Type: string
Default: "tcp://127.0.0.1:38330"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.publicPublic http server binding [address]:port.
Type: null or string
Default: ":9130"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.rpc.passwordRPC password for JSON-RPC connections.
Warning: this is stored in cleartext in the Nix store!!!
Use configFile or passwordFile if needed.
Type: string
Default: "rpc"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.rpc.passwordFileFile containing password of the RPC user.
Note: This options is ignored when configFile is used.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.rpc.portPort for JSON-RPC connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8030
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.rpc.urlURL for JSON-RPC connections.
Type: string
Default: "http://127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.rpc.userUsername for JSON-RPC connections.
Type: string
Default: "rpc"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.syncSynchronizes until tip, if together with zeromq, keeps index synchronized.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.templateDirLocation of the HTML templates. By default, ones shipped with the package are used.
Type: path
Default: "${package}/share/templates/"
Example: "${dataDir}/templates/static/"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blockbook-frontend.<name>.userThe user as which to run blockbook-frontend-‹name›.
Type: string
Default: "blockbook-frontend-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/blockbook-frontend.nix>
|
services.blocky.enableWhether to enable blocky, a fast and lightweight DNS proxy as ad-blocker for local network with many features.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/blocky.nix>
|
services.blocky.settingsBlocky configuration. Refer to https://0xerr0r.github.io/blocky/configuration/ for details on supported values.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/blocky.nix>
|
services.bloop.extraOptionsSpecifies additional command line argument to pass to bloop java process.
Type: list of string
Default: [ ]
Example:
[ "-J-Xmx2G" "-J-XX:MaxInlineLevel=20" "-J-XX:+UseParallelGC" ]
Declared by:
<nixpkgs/nixos/modules/services/development/bloop.nix>
|
services.bloop.installWhether to install a user service for the Bloop server.
The service must be manually started for each user with "systemctl --user start bloop".
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/development/bloop.nix>
|
services.blueman.enableWhether to enable blueman.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/blueman.nix>
|
services.boinc.enableWhether to enable the BOINC distributed computing client. If this option is set to true, the boinc_client daemon will be run as a background service. The boinccmd command can be used to control the daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
|
services.boinc.packageWhich BOINC package to use.
Type: package
Default: pkgs.boinc
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
|
services.boinc.allowRemoteGuiRpcIf set to true, any remote host can connect to and control this BOINC
client (subject to password authentication). If instead set to false,
only the hosts listed in dataDir/remote_hosts.cfg will be allowed to
connect.
See also: http://boinc.berkeley.edu/wiki/Controlling_BOINC_remotely#Remote_access
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
|
services.boinc.dataDirThe directory in which to store BOINC's configuration and data files.
Type: path
Default: "/var/lib/boinc"
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
|
services.boinc.extraEnvPackagesAdditional packages to make available in the environment in which BOINC will run. Common choices are:
pkgs.virtualbox:
The VirtualBox virtual machine framework. Required by some BOINC
projects, such as ATLAS@home.
pkgs.ocl-icd:
OpenCL infrastructure library. Required by BOINC projects that
use OpenCL, in addition to a device-specific OpenCL driver.
pkgs.linuxPackages.nvidia_x11:
Provides CUDA libraries. Required by BOINC projects that use
CUDA. Note that this requires an NVIDIA graphics device to be
present on the system.
Also provides OpenCL drivers for NVIDIA GPUs;
pkgs.ocl-icd is also needed in this case.
Type: list of package
Default: [ ]
Example: [ pkgs.virtualbox ]
Declared by:
<nixpkgs/nixos/modules/services/computing/boinc/client.nix>
|
services.bookstack.enableWhether to enable BookStack.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.appKeyFileA file containing the Laravel APP_KEY - a 32 character long,
base64 encoded key used for encryption where needed. Can be
generated with head -c 32 /dev/urandom | base64.
Type: path
Example: "/run/keys/bookstack-appkey"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.appURLThe root URL that you want to host BookStack on. All URLs in BookStack will be generated using this value.
If you change this in the future you may need to run a command to update stored URLs in the database. Command example: php artisan bookstack:update-url https://old.example.com https://new.example.com
Type: string
Default: "http\${lib.optionalString tlsEnabled \"s\"}://\${cfg.hostname}"
Example: "https://example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.configBookStack configuration options to set in the
.env file.
Refer to https://www.bookstackapp.com/docs/ for details on supported values.
Settings containing secret data should be set to an attribute
set containing the attribute _secret - a
string pointing to a file containing the value the option
should be set to. See the example to get a better picture of
this: in the resulting .env file, the
OIDC_CLIENT_SECRET key will be set to the
contents of the /run/keys/oidc_secret
file.
Type: attribute set of (null or boolean or signed integer or 16 bit unsigned integer; between 0 and 65535 (both inclusive) or path or string or (submodule))
Default: { }
Example:
{
ALLOWED_IFRAME_HOSTS = "https://example.com";
WKHTMLTOPDF = "/home/user/bins/wkhtmltopdf";
AUTH_METHOD = "oidc";
OIDC_NAME = "MyLogin";
OIDC_DISPLAY_NAME_CLAIMS = "name";
OIDC_CLIENT_ID = "bookstack";
OIDC_CLIENT_SECRET = {_secret = "/run/keys/oidc_secret"};
OIDC_ISSUER = "https://keycloak.example.com/auth/realms/My%20Realm";
OIDC_ISSUER_DISCOVER = true;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.dataDirBookStack data directory
Type: path
Default: "/var/lib/bookstack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.database.createLocallyCreate the database and database user locally.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.database.hostDatabase host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.database.nameDatabase name.
Type: string
Default: "bookstack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.database.passwordFileA file containing the password corresponding to
database.user.
Type: null or path
Default: null
Example: "/run/keys/bookstack-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.database.portDatabase host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.database.userDatabase username.
Type: string
Default: user
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.groupGroup bookstack runs as.
Type: string
Default: "bookstack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.hostnameThe hostname to serve BookStack on.
Type: string
Default: config.networking.fqdnOrHostName
Example: "bookstack.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.mail.driverMail driver to use.
Type: one of "smtp", "sendmail"
Default: "smtp"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.mail.encryptionSMTP encryption mechanism to use.
Type: null or value "tls" (singular enum)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.mail.fromMail "from" email.
Type: string
Default: "mail@bookstackapp.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.mail.fromNameMail "from" name.
Type: string
Default: "BookStack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.mail.hostMail host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.mail.passwordFileA file containing the password corresponding to
mail.user.
Type: null or path
Default: null
Example: "/run/keys/bookstack-mailpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.mail.portMail host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1025
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.mail.userMail username.
Type: null or string
Default: null
Example: "bookstack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.maxUploadSizeThe maximum size for uploads (e.g. images).
Type: string
Default: "18M"
Example: "1G"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginxWith this option, you can customize the nginx virtualHost settings.
Type: submodule
Default: { }
Example:
{
serverAliases = [
"bookstack.${config.networking.domain}"
];
# To enable encryption and let let's encrypt take care of certificate
forceSSL = true;
enableACME = true;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.enableACMEWhether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.acmeFallbackHostHost which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.acmeRootDirectory for the ACME challenge, which is public. Don't put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.addSSLWhether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.basicAuthBasic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default: { }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.basicAuthFileBasic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.defaultMakes this vhost the default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.extraConfigThese lines go to the end of the vhost verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.forceSSLWhether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.globalRedirectIf set, all requests for this host are redirected permanently to the given hostname.
Type: null or string
Default: null
Example: "newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.http2Whether to enable HTTP 2. Note that (as of writing) due to nginx's implementation, to disable HTTP 2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2,then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.http3Whether to enable HTTP 3.
This requires using pkgs.nginxQuic package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;.
Note that HTTP 3 support is experimental and
not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.kTLSWhether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Required Nginx version 1.21.4 or later.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.listenListen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL
and onlySSL.
If you only want to set the addresses manually and not
the ports, take a look at listenAddresses
Type: list of (submodule)
Default: [ ]
Example:
[
{
addr = "195.154.1.1";
port = 443;
ssl = true;
}
{
addr = "192.154.1.1";
port = 80;
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.listen.*.addrIP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.listen.*.extraParametersExtra parameters of this listen directive.
Type: list of string
Default: [ ]
Example:
[ "backlog=1024" "deferred" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.listen.*.portPort number.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.listen.*.sslEnable SSL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.listenAddressesListen addresses for this virtual host.
Compared to listen this only sets the addresses
and the ports are chosen automatically.
Note: This option overrides enableIPv6
Type: list of string
Default: [ ]
Example:
[ "127.0.0.1" "[::1]" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locationsDeclarative location config
Type: attribute set of (submodule)
Default: { }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.aliasAlias directory for requests.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.basicAuthBasic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default: { }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.basicAuthFileBasic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.extraConfigThese lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.fastcgiParamsFastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won't unset the default values for other parameters.
Type: attribute set of (string or path)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.indexAdds index directive.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.priorityOrder of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have
a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.proxyPassAdds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.proxyWebsocketsWhether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.recommendedProxySettingsEnable recommended proxy settings.
Type: boolean
Default: config.services.nginx.recommendedProxySettings
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.returnAdds a return directive, for e.g. redirections.
Type: null or string
Default: null
Example: "301 http://example.com$request_uri"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.rootRoot directory for requests.
Type: null or path
Default: null
Example: "/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.locations.<name>.tryFilesAdds try_files directive.
Type: null or string
Default: null
Example: "$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.onlySSLWhether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.rejectSSLWhether to listen for and reject all HTTPS connections to this vhost. Useful in
default
server blocks to avoid serving the certificate for another vhost. Uses the
ssl_reject_handshake directive available in nginx versions
1.19.4 and above.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.reuseportCreate an individual listening socket . It is required to specify only once on one of the hosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.rootThe path of the web root directory.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default: [ ]
Example:
[ "www.example.org" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.serverNameName of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default: null
Example: "example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.sslCertificatePath to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.sslCertificateKeyPath to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.sslTrustedCertificatePath to root SSL certificate for stapling and client certificates.
Type: null or path
Default: null
Example: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.nginx.useACMEHostA host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.poolConfigOptions for the bookstack PHP pool. See the documentation on php-fpm.conf
for details on configuration directives.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.max_spare_servers" = 4;
"pm.min_spare_servers" = 2;
"pm.start_servers" = 2;
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.bookstack.userUser bookstack runs as.
Type: string
Default: "bookstack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/bookstack.nix>
|
services.borgbackup.jobsDeduplicating backups using BorgBackup. Adding a job will cause a borg-job-NAME wrapper to be added to your system path, so that you can perform maintenance easily. See also the chapter about BorgBackup in the NixOS manual.
Type: attribute set of (submodule)
Default: { }
Example:
{ # for a local backup
rootBackup = {
paths = "/";
exclude = [ "/nix" ];
repo = "/path/to/local/repo";
encryption = {
mode = "repokey";
passphrase = "secret";
};
compression = "auto,lzma";
startAt = "weekly";
};
}
{ # Root backing each day up to a remote backup server. We assume that you have
# * created a password less key: ssh-keygen -N "" -t ed25519 -f /path/to/ssh_key
# best practices are: use -t ed25519, /path/to = /run/keys
# * the passphrase is in the file /run/keys/borgbackup_passphrase
# * you have initialized the repository manually
paths = [ "/etc" "/home" ];
exclude = [ "/nix" "'**/.cache'" ];
doInit = false;
repo = "user3@arep.repo.borgbase.com:repo";
encryption = {
mode = "repokey-blake2";
passCommand = "cat /path/to/passphrase";
};
environment = { BORG_RSH = "ssh -i /path/to/ssh_key"; };
compression = "auto,lzma";
startAt = "daily";
};
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.appendFailedSuffixAppend a .failed suffix
to the archive name, which is only removed if
borg create has a zero exit status.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.archiveBaseNameHow to name the created archives. A timestamp, whose format is
determined by dateFormat, will be appended. The full
name can be modified at runtime ($archiveName).
Placeholders like {hostname} must not be used.
Use null for no base name.
Type: null or string matching the pattern [^/{}]+
Default: "${config.networking.hostName}-<name>"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.compressionCompression method to use. Refer to borg help compression for all available options.
Type: string matching the pattern none|(auto,)?(lz4|zstd|zlib|lzma)(,[[:digit:]]{1,2})?
Default: "lz4"
Example: "auto,lzma"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.dateFormatArguments passed to date to create a timestamp suffix for the archive name.
Type: string
Default: "+%Y-%m-%dT%H:%M:%S"
Example: "-u +%s"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.doInitRun borg init if the
specified repo does not exist.
You should set this to false
if the repository is located on an external drive
that might not always be mounted.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.dumpCommandBackup the stdout of this program instead of filesystem paths.
Mutually exclusive with paths.
Type: null or path
Default: null
Example: "/path/to/createZFSsend.sh"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.encryption.modeEncryption mode to use. Setting a mode
other than "none" requires
you to specify a passCommand
or a passphrase.
Type: one of "repokey", "keyfile", "repokey-blake2", "keyfile-blake2", "authenticated", "authenticated-blake2", "none"
Example: "repokey-blake2"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.encryption.passCommandA command which prints the passphrase to stdout.
Mutually exclusive with passphrase.
Type: null or string
Default: null
Example: "cat /path/to/passphrase_file"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.encryption.passphraseThe passphrase the backups are encrypted with.
Mutually exclusive with passCommand.
If you do not want the passphrase to be stored in the
world-readable Nix store, use passCommand.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.environmentEnvironment variables passed to the backup script. You can for example specify which SSH key to use.
Type: attribute set of string
Default: { }
Example:
{
BORG_RSH = "ssh -i /path/to/key";
}Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.excludeExclude paths matching any of the given patterns. See borg help patterns for pattern syntax.
Type: list of string
Default: [ ]
Example:
[ "/home/*/.cache" "/nix" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.extraArgsAdditional arguments for all borg calls the service has. Handle with care.
Type: string
Default: ""
Example: "--remote-path=/path/to/borg"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.extraCreateArgsAdditional arguments for borg create.
Can also be set at runtime using $extraCreateArgs.
Type: string
Default: ""
Example: "--stats --checkpoint-interval 600"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.extraInitArgsAdditional arguments for borg init.
Can also be set at runtime using $extraInitArgs.
Type: string
Default: ""
Example: "--append-only"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.extraPruneArgsAdditional arguments for borg prune.
Can also be set at runtime using $extraPruneArgs.
Type: string
Default: ""
Example: "--save-space"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.groupThe group borg is run as. User or group needs read permission
for the specified paths.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.inhibitsSleepPrevents the system from sleeping while backing up.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.pathsPath(s) to back up.
Mutually exclusive with dumpCommand.
Type: null or ((list of string) or string convertible to it)
Default: null
Example: "/home/user"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.patternsInclude/exclude paths matching the given patterns. The first
matching patterns is used, so if an include pattern (prefix +)
matches before an exclude pattern (prefix -), the file is
backed up. See borg help patterns for pattern syntax.
Type: list of string
Default: [ ]
Example:
[ "+ /home/susan" "- /home/*" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.persistentTimerSet the persistentTimer option for the
systemd.timer(5)
which triggers the backup immediately if the last trigger
was missed (e.g. if the system was powered down).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.postCreateShell commands to run after borg create. The name
of the created archive is stored in $archiveName.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.postHookShell commands to run just before exit. They are executed
even if a previous command exits with a non-zero exit code.
The latter is available as $exitStatus.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.postInitShell commands to run after borg init.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.postPruneShell commands to run after borg prune.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.preHookShell commands to run before the backup. This can for example be used to mount file systems.
Type: strings concatenated with "\n"
Default: ""
Example:
'' # To add excluded paths at runtime extraCreateArgs="$extraCreateArgs --exclude /some/path" ''
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.privateTmpSet the PrivateTmp option for
the systemd-service. Set to false if you need sockets
or other files from global /tmp.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.prune.keepPrune a repository by deleting all archives not matching any of the specified retention options. See borg help prune for the available options.
Type: attribute set of (signed integer or string matching the pattern [[:digit:]]+[Hdwmy])
Default: { }
Example:
{
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 4;
monthly = -1; # Keep at least one archive for each month
}
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.prune.prefixOnly consider archive names starting with this prefix for pruning.
By default, only archives created by this job are considered.
Use "" or null to consider all archives.
Type: null or string
Default: archiveBaseName
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.readWritePathsBy default, borg cannot write anywhere on the system but
$HOME/.config/borg and $HOME/.cache/borg.
If, for example, your preHook script needs to dump files
somewhere, put those directories here.
Type: list of path
Default: [ ]
Example:
[ "/var/backup/mysqldump" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.removableDeviceWhether the repo (which must be local) is a removable device.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.repoRemote or local repository to back up to.
Type: string
Example: "user@machine:/path/to/repo"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.startAtWhen or how often the backup should run.
Must be in the format described in
systemd.time(7).
If you do not want the backup to start
automatically, use [ ].
It will generate a systemd service borgbackup-job-NAME.
You may trigger it manually via systemctl restart borgbackup-job-NAME.
Type: string or list of string
Default: "daily"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.jobs.<name>.userThe user borg is run as.
User or group need read permission
for the specified paths.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.reposServe BorgBackup repositories to given public SSH keys,
restricting their access to the repository only.
See also the chapter about BorgBackup in the NixOS manual.
Also, clients do not need to specify the absolute path when accessing the repository,
i.e. user@machine:. is enough. (Note colon and dot.)
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.allowSubReposAllow clients to create repositories in subdirectories of the
specified path. These can be accessed using
user@machine:path/to/subrepo. Note that a
quota applies to repositories independently.
Therefore, if this is enabled, clients can create multiple
repositories and upload an arbitrary amount of data.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.authorizedKeysPublic SSH keys that are given full write access to this repository. You should use a different SSH key for each repository you write to, because the specified keys are restricted to running borg serve and can only access this single repository.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.authorizedKeysAppendOnlyPublic SSH keys that can only be used to append new data (archives) to the repository. Note that archives can still be marked as deleted and are subsequently removed from disk upon accessing the repo with full write access, e.g. when pruning.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.groupThe group borg serve is run as.
User or group needs write permission
for the specified path.
Type: string
Default: "borg"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.pathWhere to store the backups. Note that the directory is created automatically, with correct permissions.
Type: path
Default: "/var/lib/borgbackup"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.quotaStorage quota for the repository. This quota is ensured for all
sub-repositories if allowSubRepos is enabled
but not for the overall storage space used.
Type: null or string matching the pattern [[:digit:].]+[KMGTP]?
Default: null
Example: "100G"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgbackup.repos.<name>.userThe user borg serve is run as.
User or group needs write permission
for the specified path.
Type: string
Default: "borg"
Declared by:
<nixpkgs/nixos/modules/services/backup/borgbackup.nix>
|
services.borgmatic.enableWhether to enable borgmatic.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
|
services.borgmatic.settingsSee https://torsion.org/borgmatic/docs/reference/configuration/
Type: YAML value
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
|
services.borgmatic.settings.location.repositoriesPaths to local or remote repositories (required). Tildes are expanded. Multiple repositories are backed up to in sequence. Borg placeholders can be used. See the output of "borg help placeholders" for details. See ssh_command for SSH options like identity file or port. If systemd service is used, then add local repository paths in the systemd service file to the ReadWritePaths list.
Type: list of string
Example:
[
"user@backupserver:sourcehostname.borg"
"user@backupserver:{fqdn}"
]Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
|
services.borgmatic.settings.location.source_directoriesList of source directories to backup (required). Globs and tildes are expanded.
Type: list of string
Example:
[ "/home" "/etc" "/var/log/syslog*" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/borgmatic.nix>
|
services.bosun.enableWhether to enable bosun.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.packagebosun binary to use.
Type: package
Default: pkgs.bosun
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.checkFrequencyBosun's check frequency
Type: string
Default: "5m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.extraConfigExtra configuration options for Bosun. You should describe your desired templates, alerts, macros, etc through this configuration option.
A detailed description of the supported syntax can be found at-spi2-atk http://bosun.org/configuration.html
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.groupGroup account under which bosun runs.
Type: string
Default: "bosun"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.influxHostHost and port of the influxdb database.
Type: null or string
Default: null
Example: "localhost:8086"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.ledisDirPath to bosun's ledis data dir
Type: path
Default: "/var/lib/bosun/ledis_data"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.listenAddressThe host address and port that bosun's web interface will listen on.
Type: string
Default: ":8070"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.opentsdbHostHost and port of the OpenTSDB database that stores bosun data. To disable opentsdb you can pass null as parameter.
Type: null or string
Default: "localhost:4242"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.stateFilePath to bosun's state file.
Type: path
Default: "/var/lib/bosun/bosun.state"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.bosun.userUser account under which bosun runs.
Type: string
Default: "bosun"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/bosun.nix>
|
services.botamusique.enableWhether to enable botamusique, a bot to play audio streams on mumble.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
|
services.botamusique.packageThe botamusique package to use.
Type: package
Default: pkgs.botamusique
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
|
services.botamusique.settingsYour configuration.ini as a Nix attribute set. Look up
possible options in the configuration.example.ini.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
|
services.botamusique.settings.bot.commentComment displayed for the bot.
Type: string
Default: "Hi, I'm here to play radio, local music or youtube/soundcloud music. Have fun!"
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
|
services.botamusique.settings.bot.usernameName the bot should appear with.
Type: string
Default: "botamusique"
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
|
services.botamusique.settings.server.hostHostname of the mumble server to connect to.
Type: string
Default: "localhost"
Example: "mumble.example.com"
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
|
services.botamusique.settings.server.portPort of the mumble server to connect to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 64738
Declared by:
<nixpkgs/nixos/modules/services/audio/botamusique.nix>
|
services.brltty.enableWhether to enable the BRLTTY daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/brltty.nix>
|
services.btrbk.extraPackagesExtra packages for btrbk, like compression utilities for stream_compress
Type: list of package
Default: [ ]
Example: [ pkgs.xz ]
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.instancesSet of btrbk instances. The instance named btrbk is the default one.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.instances.<name>.onCalendarHow often this btrbk instance is started. See systemd.time(7) for more information about the format. Setting it to null disables the timer, thus this instance can only be started manually.
Type: null or string
Default: "daily"
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.instances.<name>.settingsconfiguration options for btrbk. Nested attrsets translate to subsections.
Type: attribute set of (string or instances of this type recursively)
Default: { }
Example:
{
snapshot_preserve = "14d";
snapshot_preserve_min = "2d";
volume = {
"/mnt/btr_pool" = {
subvolume = {
home = {
snapshot_create = "always";
};
rootfs = { };
};
target = "/mnt/btr_backup/mylaptop";
};
};
}Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.ioSchedulingClassIO scheduling class for btrbk (see ionice(1) for a quick description). Applies to local instances, and remote ones connecting by ssh if set to idle.
Type: one of "idle", "best-effort", "realtime"
Default: "best-effort"
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.nicenessNiceness for local instances of btrbk. Also applies to remote ones connecting via ssh when positive.
Type: integer between -20 and 19 (both inclusive)
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.sshAccessSSH keys that should be able to make or push snapshots on this system remotely with btrbk
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.sshAccess.*.keySSH public key allowed to login as user btrbk to run remote backups.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrbk.sshAccess.*.rolesWhat actions can be performed with this SSH key. See ssh_filter_btrbk(1) for details
Type: list of (one of "info", "source", "target", "delete", "snapshot", "send", "receive")
Example:
[ "source" "info" "send" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/btrbk.nix>
|
services.btrfs.autoScrub.enableWhether to enable regular btrfs scrub.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/btrfs.nix>
|
services.btrfs.autoScrub.fileSystemsList of paths to btrfs filesystems to regularily call btrfs scrub on. Defaults to all mount points with btrfs filesystems. If you mount a filesystem multiple times or additionally mount subvolumes, you need to manually specify this list to avoid scrubbing multiple times.
Type: list of path
Example:
[ "/" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/btrfs.nix>
|
services.btrfs.autoScrub.intervalSystemd calendar expression for when to scrub btrfs filesystems. The recommended period is a month but could be less (btrfs-scrub(8)). See systemd.time(7) for more information on the syntax.
Type: string
Default: "monthly"
Example: "weekly"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/btrfs.nix>
|
services.buildbot-master.enableWhether to enable the Buildbot continuous integration server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.packagePackage to use for buildbot.
Type: package
Default: pkgs.python3Packages.buildbot-full
Example: pkgs.python3Packages.buildbot
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.packagesPackages to add to PATH for the buildbot process.
Type: list of package
Default: [ pkgs.git ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.buildbotDirSpecifies the Buildbot directory.
Type: path
Default: "${config.services.buildbot-master.home}/master"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.buildbotUrlSpecifies the Buildbot URL.
Type: string
Default: "http://localhost:8010/"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.buildersList of Builders.
Type: list of string
Default:
[ "util.BuilderConfig(name='runtests',workernames=['example-worker'],factory=factory)" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.changeSourceList of Change Sources.
Type: list of string
Default: [ ]
Example:
[
"changes.GitPoller('https://github.com/buildbot/pyflakes.git', workdir='gitpoller-workdir', branch='master', pollinterval=300)"
]Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.dbUrlSpecifies the database connection string.
Type: string
Default: "sqlite:///state.sqlite"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.extraConfigExtra configuration to append to master.cfg
Type: string
Default: "c['buildbotNetUsageData'] = None"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.extraGroupsList of extra groups that the buildbot user should be a part of.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.factoryStepsFactory Steps
Type: list of string
Default: [ ]
Example:
[ "steps.Git(repourl='https://github.com/buildbot/pyflakes.git', mode='incremental')" "steps.ShellCommand(command=['trial', 'pyflakes'])" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.groupPrimary group of buildbot user.
Type: string
Default: "buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.homeBuildbot home directory.
Type: path
Default: "/home/buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.listenAddressSpecifies the bind address on which the buildbot HTTP interface listens.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.masterCfgOptionally pass master.cfg path. Other options in this configuration will be ignored.
Type: path
Default: generated configuration file
Example: "/etc/nixos/buildbot/master.cfg"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.pbPortThe buildmaster will listen on a TCP port of your choosing for connections from workers. It can also use this port for connections from remote Change Sources, status clients, and debug tools. This port should be visible to the outside world, and you’ll need to tell your worker admins about your choice. If put in (single) quotes, this can also be used as a connection string, as defined in the ConnectionStrings guide.
Type: string or signed integer
Default: 9989
Example: "'tcp:9990:interface=127.0.0.1'"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.portSpecifies port number on which the buildbot HTTP interface listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8010
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.pythonPackagesPackages to add the to the PYTHONPATH of the buildbot process.
Type: function that evaluates to a(n) list of package
Default: pythonPackages: with pythonPackages; [ ]
Example: pythonPackages: with pythonPackages; [ requests ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.reportersList of reporter objects used to present build status to various users.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.schedulersList of Schedulers.
Type: list of string
Default:
[ "schedulers.SingleBranchScheduler(name='all', change_filter=util.ChangeFilter(branch='master'), treeStableTimer=None, builderNames=['runtests'])" "schedulers.ForceScheduler(name='force',builderNames=['runtests'])" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.titleSpecifies the Buildbot Title.
Type: string
Default: "Buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.titleUrlSpecifies the Buildbot TitleURL.
Type: string
Default: "Buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.userUser the buildbot server should execute under.
Type: string
Default: "buildbot"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-master.workersList of Workers.
Type: list of string
Default:
[
"worker.Worker('example-worker', 'pass')"
]Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/master.nix>
|
services.buildbot-worker.enableWhether to enable the Buildbot Worker.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.packagePackage to use for buildbot worker.
Type: package
Default: pkgs.python3Packages.buildbot-worker
Example: pkgs.python2Packages.buildbot-worker
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.packagesPackages to add to PATH for the buildbot process.
Type: list of package
Default: [ pkgs.git ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.adminMessageName of the administrator of this worker
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.buildbotDirSpecifies the Buildbot directory.
Type: path
Default: "${config.services.buildbot-worker.home}/worker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.extraGroupsList of extra groups that the Buildbot Worker user should be a part of.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.groupPrimary group of buildbot Worker user.
Type: string
Default: "bbworker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.homeBuildbot home directory.
Type: path
Default: "/home/bbworker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.hostMessageDescription of this worker
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.keepaliveThis is a number that indicates how frequently keepalive messages should be sent from the worker to the buildmaster, expressed in seconds.
Type: signed integer
Default: 600
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.masterUrlSpecifies the Buildbot Worker connection string.
Type: string
Default: "localhost:9989"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.userUser the buildbot Worker should execute under.
Type: string
Default: "bbworker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.workerPassSpecifies the Buildbot Worker password.
Type: string
Default: "pass"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.workerPassFileFile used to store the Buildbot Worker password
Type: path
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildbot-worker.workerUserSpecifies the Buildbot Worker user.
Type: string
Default: "example-worker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildbot/worker.nix>
|
services.buildkite-agentsAttribute set of buildkite agents.
The attribute key is combined with the hostname and a unique integer to
create the final agent name. This can be overridden by setting the name
attribute.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.enableWhether to enable this buildkite agent
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.packageWhich buildkite-agent derivation to use
Type: package
Default: pkgs.buildkite-agent
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.dataDirThe workdir for the agent
Type: string
Default: "/var/lib/buildkite-agent-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.extraConfigExtra lines to be added verbatim to the configuration file.
Type: strings concatenated with "\n"
Default: ""
Example: "debug=true"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.hooks.checkoutThe checkout hook script will replace the default checkout routine of the
bootstrap.sh script. You can use this hook to do your own SCM checkout
behaviour
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.hooks.commandThe command hook script will replace the default implementation of running
the build command.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.hooks.environmentThe environment hook will run before all other commands, and can be used
to set up secrets, data, etc. Anything exported in hooks will be available
to the build script.
Note: the contents of this file will be copied to the world-readable Nix store.
Type: null or strings concatenated with "\n"
Default: null
Example:
'' export SECRET_VAR=`head -1 /run/keys/secret` ''
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.hooks.post-artifactThe post-artifact hook will run just after artifacts are uploaded
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.hooks.post-checkoutThe post-checkout hook will run after the bootstrap script has checked out
your projects source code.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.hooks.post-commandThe post-command hook will run after the bootstrap script has run your
build commands
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.hooks.pre-artifactThe pre-artifact hook will run just before artifacts are uploaded
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.hooks.pre-checkoutThe pre-checkout hook will run just before your projects source code is
checked out from your SCM provider
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.hooks.pre-commandThe pre-command hook will run just before your build command runs
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.hooks.pre-exitThe pre-exit hook will run just before your build job finishes
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.hooksPathPath to the directory storing the hooks.
Consider using services.buildkite-agents.<name>.hooks.<name>
instead.
Type: path
Default: generated from services.buildkite-agents.<name>.hooks
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.nameThe name of the agent as seen in the buildkite dashboard.
Type: string
Default: "%hostname-‹name›-%n"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.privateSshKeyPathOpenSSH private key
A run-time path to the key file, which is supposed to be provisioned outside of Nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.runtimePackagesAdd programs to the buildkite-agent environment
Type: list of package
Default: [ pkgs.bash pkgs.gnutar pkgs.gzip pkgs.git pkgs.nix ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.shellCommand that buildkite-agent 3 will execute when it spawns a shell.
Type: string
Default: "${pkgs.bash}/bin/bash -e -c"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.tagsTags for the agent.
Type: attribute set of (string or list of string)
Default: { }
Example:
{
docker = "true";
queue = "default";
ruby2 = "true";
}Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.buildkite-agents.<name>.tokenPathThe token from your Buildkite "Agents" page.
A run-time path to the token file, which is supposed to be provisioned outside of Nix store.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/buildkite-agents.nix>
|
services.cachefilesd.enableWhether to enable cachefilesd network filesystems caching daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/cachefilesd.nix>
|
services.cachefilesd.cacheDirDirectory to contain filesystem cache.
Type: string
Default: "/var/cache/fscache"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/cachefilesd.nix>
|
services.cachefilesd.extraConfigAdditional configuration file entries. See cachefilesd.conf(5) for more information.
Type: strings concatenated with "\n"
Default: ""
Example: "brun 10%"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/cachefilesd.nix>
|
services.cachix-agent.enableWhether to enable Cachix Deploy Agent: https://docs.cachix.org/deploy/.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-agent/default.nix>
|
services.cachix-agent.packageCachix Client package to use.
Type: package
Default: pkgs.cachix
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-agent/default.nix>
|
services.cachix-agent.credentialsFileRequired file that needs to contain CACHIX_AGENT_TOKEN=...
Type: path
Default: "/etc/cachix-agent.token"
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-agent/default.nix>
|
services.cachix-agent.hostCachix uri to use.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-agent/default.nix>
|
services.cachix-agent.nameAgent name, usually same as the hostname
Type: string
Default: "config.networking.hostName"
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-agent/default.nix>
|
services.cachix-agent.profileProfile name, defaults to 'system' (NixOS).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-agent/default.nix>
|
services.cachix-agent.verboseEnable verbose output
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-agent/default.nix>
|
services.cachix-watch-store.enableWhether to enable Cachix Watch Store: https://docs.cachix.org.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-watch-store.nix>
|
services.cachix-watch-store.packageCachix Client package to use.
Type: package
Default: pkgs.cachix
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-watch-store.nix>
|
services.cachix-watch-store.cacheNameCachix binary cache name
Type: string
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-watch-store.nix>
|
services.cachix-watch-store.cachixTokenFileRequired file that needs to contain the cachix auth token.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-watch-store.nix>
|
services.cachix-watch-store.compressionLevelThe compression level for XZ compression (between 0 and 9)
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-watch-store.nix>
|
services.cachix-watch-store.hostCachix host to connect to
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-watch-store.nix>
|
services.cachix-watch-store.jobsNumber of threads used for pushing store paths
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-watch-store.nix>
|
services.cachix-watch-store.verboseEnable verbose output
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/cachix-watch-store.nix>
|
services.caddy.enableWhether to enable Caddy web server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.packageCaddy package to use.
Type: package
Default: pkgs.caddy
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.acmeCAThe URL to the ACME CA's directory. It is strongly recommended to set this to Let's Encrypt's staging endpoint for testing or development.
Set it to null if you want to write a more
fine-grained configuration manually.
Type: null or string
Default: "https://acme-v02.api.letsencrypt.org/directory"
Example: "https://acme-staging-v02.api.letsencrypt.org/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.adapterName of the config adapter to use. See https://caddyserver.com/docs/config-adapters for the full list.
If null is specified, the --adapter argument is omitted when
starting or restarting Caddy. Notably, this allows specification of a
configuration file in Caddy's native JSON format, as long as the
filename does not start with Caddyfile (in which case the caddyfile
adapter is implicitly enabled). See
https://caddyserver.com/docs/command-line#caddy-run for details.
Any value other than null or caddyfile is only valid when providing
your own configFile.
Type: null or string
Default: null
Example: nginx
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.configFileOverride the configuration file used by Caddy. By default, NixOS generates one automatically.
Type: path
Default: "A Caddyfile automatically generated by values from services.caddy.*"
Example:
pkgs.writeTextDir "Caddyfile" '' example.com root * /var/www/wordpress php_fastcgi unix//run/php/php-version-fpm.sock file_server '';
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.dataDirThe data directory for caddy.
If left as the default value this directory will automatically be created
before the Caddy server starts, otherwise you are responsible for ensuring
the directory exists with appropriate ownership and permissions.
Caddy v2 replaced CADDYPATH with XDG directories.
See https://caddyserver.com/docs/conventions#file-locations.
Type: path
Default: "/var/lib/caddy"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.emailYour email address. Mainly used when creating an ACME account with your CA, and is highly recommended in case there are problems with your certificates.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.extraConfigAdditional lines of configuration appended to the automatically
generated Caddyfile.
Type: strings concatenated with "\n"
Default: ""
Example:
''
example.com {
encode gzip
log
root /srv/http
}
''Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.globalConfigAdditional lines of configuration appended to the global config section
of the Caddyfile.
Refer to https://caddyserver.com/docs/caddyfile/options#global-options for details on supported values.
Type: strings concatenated with "\n"
Default: ""
Example:
''
debug
servers {
protocol {
experimental_http3
}
}
''Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.groupGroup account under which caddy runs.
If left as the default value this user will automatically be created on system activation, otherwise you are responsible for ensuring the user exists before the Caddy service starts.
Type: string
Default: "caddy"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.logDirDirectory for storing Caddy access logs.
If left as the default value this directory will automatically be created before the Caddy server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default: "/var/log/caddy"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.logFormatConfiguration for the default logger. See https://caddyserver.com/docs/caddyfile/options#log for details.
Type: strings concatenated with "\n"
Default:
'' level ERROR ''
Example:
mkForce "level INFO";
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.resumeUse saved config, if any (and prefer over any specified configuration passed with --config).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.userUser account under which caddy runs.
If left as the default value this user will automatically be created on system activation, otherwise you are responsible for ensuring the user exists before the Caddy service starts.
Type: string
Default: "caddy"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.virtualHostsDeclarative specification of virtual hosts served by Caddy.
Type: attribute set of (submodule)
Default: { }
Example:
{
"hydra.example.com" = {
serverAliases = [ "www.hydra.example.com" ];
extraConfig = ''
encode gzip
root /srv/http
'';
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.virtualHosts.<name>.extraConfigAdditional lines of configuration appended to this virtual host in the
automatically generated Caddyfile.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.virtualHosts.<name>.hostNameCanonical hostname for the server.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.virtualHosts.<name>.listenAddressesA list of host interfaces to bind to for this virtual host.
Type: list of string
Default: [ ]
Example:
[ "127.0.0.1" "::1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.virtualHosts.<name>.logFormatConfiguration for HTTP request logging (also known as access logs). See https://caddyserver.com/docs/caddyfile/directives/log#log for details.
Type: strings concatenated with "\n"
Default:
''
output file ''${config.services.caddy.logDir}/access-''${hostName}.log
''Example:
mkForce '' output discard '';
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.virtualHosts.<name>.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default: [ ]
Example:
[ "www.example.org" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.caddy.virtualHosts.<name>.useACMEHostA host of an existing Let's Encrypt certificate to use. This is mostly useful if you use DNS challenges but Caddy does not currently support your provider.
Note that this option does not create any certificates, nor
does it add subdomains to existing ones – you will need to create them
manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>
|
services.cadvisor.enableWhether to enable Cadvisor service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.extraOptionsAdditional cadvisor options.
See https://github.com/google/cadvisor/blob/master/docs/runtime_options.md for available options.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.listenAddressCadvisor listening host
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.portCadvisor listening port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverCadvisor storage driver.
Type: null or string
Default: null
Example: "influxdb"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverDbCadvisord storage driver database name.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverHostCadvisor storage driver host.
Type: string
Default: "localhost:8086"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverPasswordCadvisor storage driver password.
Warning: this password is stored in the world-readable Nix store. It's
recommended to use the storageDriverPasswordFile option
since that gives you control over the security of the password.
storageDriverPasswordFile also takes precedence over storageDriverPassword.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverPasswordFileFile that contains the cadvisor storage driver password.
storageDriverPasswordFile takes precedence over storageDriverPassword
Warning: when storageDriverPassword is non-empty this defaults to a file in the
world-readable Nix store that contains the value of storageDriverPassword.
It's recommended to override this with a path not in the Nix store. Tip: use nixops key management
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverSecureCadvisor storage driver, enable secure communication.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cadvisor.storageDriverUserCadvisor storage driver username.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/cadvisor.nix>
|
services.cage.enableWhether to enable cage kiosk service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/wayland/cage.nix>
|
services.cage.extraArgumentsAdditional command line arguments to pass to Cage.
Type: list of string
Default: []
Example:
[ "-d" ]
Declared by:
<nixpkgs/nixos/modules/services/wayland/cage.nix>
|
services.cage.programProgram to run in cage.
Type: path
Default: "${pkgs.xterm}/bin/xterm"
Declared by:
<nixpkgs/nixos/modules/services/wayland/cage.nix>
|
services.cage.userUser to log-in as.
Type: string
Default: "demo"
Declared by:
<nixpkgs/nixos/modules/services/wayland/cage.nix>
|
services.calibre-server.enableWhether to enable calibre-server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.calibre-server.groupThe group under which calibre-server runs.
Type: string
Default: "calibre-server"
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.calibre-server.librariesThe directories of the libraries to serve. They must be readable for the user under which the server runs.
Type: list of path
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.calibre-server.userThe user under which calibre-server runs.
Type: string
Default: "calibre-server"
Declared by:
<nixpkgs/nixos/modules/services/misc/calibre-server.nix>
|
services.calibre-web.enableWhether to enable Calibre-Web.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.dataDirThe directory below /var/lib where Calibre-Web stores its data.
Type: string
Default: "calibre-web"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.groupGroup account under which Calibre-Web runs.
Type: string
Default: "calibre-web"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.listen.ipIP address that Calibre-Web should listen on.
Type: string
Default: "::1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.listen.portListen port for Calibre-Web.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8083
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.openFirewallOpen ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.options.enableBookConversionConfigure path to the Calibre's ebook-convert in the DB.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.options.enableBookUploadingAllow books to be uploaded via Calibre-Web UI.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.options.calibreLibraryPath to Calibre library.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.options.reverseProxyAuth.enableEnable authorization using auth proxy.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.options.reverseProxyAuth.headerAuth proxy header name.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.calibre-web.userUser account under which Calibre-Web runs.
Type: string
Default: "calibre-web"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/calibre-web.nix>
|
services.canto-daemon.enableWhether to enable the canto RSS daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/canto-daemon.nix>
|
services.cassandra.enableWhether to enable Apache Cassandra – Scalable and highly available database. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.packageThe Apache Cassandra package to use.
Type: package
Default: pkgs.cassandra
Example: pkgs.cassandra_3_11
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.allowClientsEnables or disables the native transport server (CQL binary protocol).
This server uses the same address as the rpcAddress,
but the port it uses is not rpc_port but
native_transport_port. See the official Cassandra
docs for more information on these variables and set them using
extraConfig.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.clusterNameThe name of the cluster. This setting prevents nodes in one logical cluster from joining another. All nodes in a cluster must have the same value.
Type: string
Default: "Test Cluster"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.extraConfigExtra options to be merged into cassandra.yaml as nix attribute set.
Type: attribute set
Default: { }
Example:
{
commitlog_sync_batch_window_in_ms = 3;
}Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.extraEnvShExtra shell lines to be appended onto cassandra-env.sh.
Type: strings concatenated with "\n"
Default: ""
Example: "CLASSPATH=$CLASSPATH:${extraJar}"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.fullRepairIntervalSet the interval how often full repairs are run, i.e. nodetool repair --full is executed. See https://cassandra.apache.org/doc/latest/operating/repair.html for more information.
Set to null to disable full repairs.
Type: null or string
Default: "3w"
Example: null
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.fullRepairOptionsOptions passed through to the full repair command.
Type: list of string
Default: [ ]
Example:
[ "--partitioner-range" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.groupRun Apache Cassandra under this group.
Type: string
Default: "cassandra"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.heapNewSizeMust be left blank or set together with heapNewSize.
If left blank a sensible value for the available amount of RAM and CPU
cores is calculated.
Override to set the amount of memory to allocate to the JVM at
start-up. For production use you may wish to adjust this for your
environment. HEAP_NEWSIZE refers to the size of the young
generation.
The main trade-off for the young generation is that the larger it is, the longer GC pause times will be. The shorter it is, the more expensive GC will be (usually).
The example HEAP_NEWSIZE assumes a modern 8-core+ machine for decent pause
times. If in doubt, and if you do not particularly want to tweak, go with
100 MB per physical CPU core.
Type: null or string
Default: null
Example: "800M"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.homeDirHome directory for Apache Cassandra.
Type: path
Default: "/var/lib/cassandra"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.incrementalRepairIntervalSet the interval how often incremental repairs are run, i.e. nodetool repair is executed. See https://cassandra.apache.org/doc/latest/operating/repair.html for more information.
Set to null to disable incremental repairs.
Type: null or string
Default: "3d"
Example: null
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.incrementalRepairOptionsOptions passed through to the incremental repair command.
Type: list of string
Default: [ ]
Example:
[ "--partitioner-range" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.jmxPortSpecifies the default port over which Cassandra will be available for JMX connections. For security reasons, you should not expose this port to the internet. Firewall it if needed.
Type: signed integer
Default: 7199
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.jmxRolesRoles that are allowed to access the JMX (e.g. nodetool)
BEWARE: The passwords will be stored world readable in the nix store.
It's recommended to use your own protected file using
jmxRolesFile
Doesn't work in versions older than 3.11 because they don't like that it's world readable.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.jmxRoles.*.passwordPassword for JMX
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.jmxRoles.*.usernameUsername for JMX
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.jmxRolesFileSpecify your own jmx roles file.
Make sure the permissions forbid "others" from reading the file if you're using Cassandra below version 3.11.
Type: null or path
Default: generated configuration file if version is at least 3.11, otherwise null
Example: "/var/lib/cassandra/jmx.password"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.jvmOptsPopulate the JVM_OPT environment variable.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.listenAddressAddress or interface to bind to and tell other Cassandra nodes to connect to. You must change this if you want multiple nodes to be able to communicate!
Set listenAddress OR listenInterface, not both.
Leaving it blank leaves it up to
InetAddress.getLocalHost(). This will always do the "Right
Thing" if the node is properly configured (hostname, name
resolution, etc), and the Right Thing is to use the address
associated with the hostname (it might not be).
Setting listenAddress to 0.0.0.0 is always wrong.
Type: null or string
Default: "127.0.0.1"
Example: null
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.listenInterfaceSet listenAddress OR listenInterface, not both. Interfaces
must correspond to a single address, IP aliasing is not
supported.
Type: null or string
Default: null
Example: "eth1"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.logbackConfigXML logback configuration for cassandra
Type: strings concatenated with "\n"
Default:
''
<configuration scan="false">
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%-5level %date{HH:mm:ss,SSS} %msg%n</pattern>
</encoder>
</appender>
<root level="INFO">
<appender-ref ref="STDOUT" />
</root>
<logger name="com.thinkaurelius.thrift" level="ERROR"/>
</configuration>
''Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.mallocArenaMaxSet this to control the amount of arenas per-thread in glibc.
Type: null or signed integer
Default: null
Example: 4
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.maxHeapSizeMust be left blank or set together with heapNewSize.
If left blank a sensible value for the available amount of RAM and CPU
cores is calculated.
Override to set the amount of memory to allocate to the JVM at
start-up. For production use you may wish to adjust this for your
environment. MAX_HEAP_SIZE is the total amount of memory dedicated
to the Java heap. HEAP_NEWSIZE refers to the size of the young
generation.
The main trade-off for the young generation is that the larger it is, the longer GC pause times will be. The shorter it is, the more expensive GC will be (usually).
Type: null or string
Default: null
Example: "4G"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.remoteJmxCassandra ships with JMX accessible only from localhost. To enable remote JMX connections set to true.
Be sure to also enable authentication and/or TLS. See: https://wiki.apache.org/cassandra/JmxSecurity
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.rpcAddressThe address or interface to bind the native transport server to.
Set rpcAddress OR rpcInterface, not both.
Leaving rpcAddress blank has the same effect as on
listenAddress (i.e. it will be based on the configured hostname
of the node).
Note that unlike listenAddress, you can specify "0.0.0.0", but you
must also set extraConfig.broadcast_rpc_address to a value other
than "0.0.0.0".
For security reasons, you should not expose this port to the internet. Firewall it if needed.
Type: null or string
Default: "127.0.0.1"
Example: null
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.rpcInterfaceSet rpcAddress OR rpcInterface, not both. Interfaces must
correspond to a single address, IP aliasing is not supported.
Type: null or string
Default: null
Example: "eth1"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.seedAddressesThe addresses of hosts designated as contact points in the cluster. A
joining node contacts one of the nodes in the seeds list to learn the
topology of the ring.
Set to [ "127.0.0.1" ] for a single node cluster.
Type: list of string
Default:
[ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.cassandra.userRun Apache Cassandra under this user.
Type: string
Default: "cassandra"
Declared by:
<nixpkgs/nixos/modules/services/databases/cassandra.nix>
|
services.ceph.enableWhether to enable Ceph global configuration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.client.enableWhether to enable Ceph client configuration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.client.extraConfigExtra configuration to add to the client section. Configuration for rados gateways would be added here, with their own sections, see example.
Type: attribute set of attribute set of string
Default: { }
Example:
{
# This would create a section for a radosgw daemon named node0 and related
# configuration for it
"client.radosgw.node0" = { "some config option" = "true"; };
};
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.extraConfigExtra configuration to add to the global section. Use for setting values that are common for all daemons in the cluster.
Type: attribute set of string
Default: { }
Example:
{
"ms bind ipv6" = "true";
}Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.authClientRequiredEnables requiring the cluster to authenticate itself to the client.
Type: one of "cephx", "none"
Default: "cephx"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.authClusterRequiredEnables requiring daemons to authenticate with eachother in the cluster.
Type: one of "cephx", "none"
Default: "cephx"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.authServiceRequiredEnables requiring clients to authenticate with the cluster to access services in the cluster (e.g. radosgw, mds or osd).
Type: one of "cephx", "none"
Default: "cephx"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.clusterNameName of cluster
Type: string
Default: "ceph"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.clusterNetworkA comma-separated list of subnets that will be used as cluster networks in the cluster.
Type: null or strings concatenated with ","
Default: null
Example:
'' 10.10.0.0/24, 192.168.0.0/24 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.fsidFilesystem ID, a generated uuid, its must be generated and set before attempting to start a cluster
Type: string
Example:
'' 433a2193-4f8a-47a0-95d2-209d7ca2cca5 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.maxOpenFilesMax open files for each OSD daemon.
Type: signed integer
Default: 131072
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.mgrModulePathPath at which to find ceph-mgr modules.
Type: path
Default: "${pkgs.ceph.lib}/lib/ceph/mgr"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.monHostList of hostname shortnames/IP addresses of the initial monitors.
Type: null or strings concatenated with ","
Default: null
Example:
'' 10.10.0.1, 10.10.0.2, 10.10.0.3 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.monInitialMembersList of hosts that will be used as monitors at startup.
Type: null or strings concatenated with ","
Default: null
Example:
'' node0, node1, node2 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.publicNetworkA comma-separated list of subnets that will be used as public networks in the cluster.
Type: null or strings concatenated with ","
Default: null
Example:
'' 10.20.0.0/24, 192.168.1.0/24 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.global.rgwMimeTypesFilePath to mime types used by radosgw.
Type: null or path
Default: "${pkgs.mailcap}/etc/mime.types"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mds.enableWhether to enable Ceph MDS daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mds.daemonsA list of metadata service daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in mds.name1
Type: list of string
Default: [ ]
Example:
[ "name1" "name2" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mds.extraConfigExtra configuration to add to the MDS section.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mgr.enableWhether to enable Ceph MGR daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mgr.daemonsA list of names for manager daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in mgr.name1
Type: list of string
Default: [ ]
Example:
[ "name1" "name2" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mgr.extraConfigExtra configuration to add to the global section for manager daemons.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mon.enableWhether to enable Ceph MON daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mon.daemonsA list of monitor daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in mon.name1
Type: list of string
Default: [ ]
Example:
[ "name1" "name2" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.mon.extraConfigExtra configuration to add to the monitor section.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.osd.enableWhether to enable Ceph OSD daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.osd.daemonsA list of OSD daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in osd.name1
Type: list of string
Default: [ ]
Example:
[ "name1" "name2" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.osd.extraConfigExtra configuration to add to the OSD section.
Type: attribute set of string
Default:
{
"osd crush chooseleaf type" = "1";
"osd journal size" = "10000";
"osd pool default min size" = "2";
"osd pool default pg num" = "200";
"osd pool default pgp num" = "200";
"osd pool default size" = "3";
}Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.rgw.enableWhether to enable Ceph RadosGW daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.ceph.rgw.daemonsA list of rados gateway daemons that should have a service created. The names correspond to the id part in ceph i.e. [ "name1" ] would result in client.name1, radosgw daemons aren't daemons to cluster in the sense that OSD, MGR or MON daemons are. They are simply daemons, from ceph, that uses the cluster as a backend.
Type: list of string
Default: [ ]
Example:
[ "name1" "name2" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/ceph.nix>
|
services.certmgr.enableWhether to enable certmgr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.packageWhich certmgr package to use in the service.
Type: package
Default: pkgs.certmgr
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.defaultRemoteThe default CA host:port to use.
Type: string
Default: "127.0.0.1:8888"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.metricsAddressThe address for the Prometheus HTTP endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.metricsPortThe port for the Prometheus HTTP endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9488
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.renewIntervalHow often to check certificate expirations and how often to update the cert_next_expires metric.
Type: string
Default: "30m"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.specsCertificate specs as described by: https://github.com/cloudflare/certmgr#certificate-specs These will be added to the Nix store, so they will be world readable.
Type: attribute set of (path or (submodule))
Default: { }
Example:
{
exampleCert =
let
domain = "example.com";
secret = name: "/var/lib/secrets/${name}.pem";
in {
service = "nginx";
action = "reload";
authority = {
file.path = secret "ca";
};
certificate = {
path = secret domain;
};
private_key = {
owner = "root";
group = "root";
mode = "0600";
path = secret "${domain}-key";
};
request = {
CN = domain;
hosts = [ "mail.${domain}" "www.${domain}" ];
key = {
algo = "rsa";
size = 2048;
};
names = {
O = "Example Organization";
C = "USA";
};
};
};
otherCert = "/var/certmgr/specs/other-cert.json";
}
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.svcManagerThis specifies the service manager to use for restarting or reloading services. See: https://github.com/cloudflare/certmgr#certmgryaml. For how to use the "command" service manager in particular, see: https://github.com/cloudflare/certmgr#command-svcmgr-and-how-to-use-it.
Type: one of "circus", "command", "dummy", "openrc", "systemd", "sysv"
Default: "systemd"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.certmgr.validMinThe interval before a certificate expires to start attempting to renew it.
Type: string
Default: "72h"
Declared by:
<nixpkgs/nixos/modules/services/security/certmgr.nix>
|
services.cfdyndns.enableWhether to enable Cloudflare Dynamic DNS Client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
|
services.cfdyndns.apikeyFileThe path to a file containing the API Key used to authenticate with CloudFlare.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
|
services.cfdyndns.emailThe email address to use to authenticate to CloudFlare.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
|
services.cfdyndns.recordsThe records to update in CloudFlare.
Type: list of string
Default: [ ]
Example:
[ "host.tld" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/cfdyndns.nix>
|
services.cfssl.enableWhether to enable the CFSSL CA api-server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.addressAddress to bind.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.caCA used to sign the new certificate -- accepts '[file:]fname' or 'env:varname'.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.caBundlePath to root certificate store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.caKeyCA private key -- accepts '[file:]fname' or 'env:varname'.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.configFilePath to configuration file. Do not put this in nix-store as it might contain secrets.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.dataDirThe work directory for CFSSL.
If left as the default value this directory will automatically be created before the CFSSL server starts, otherwise you are responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default: "/var/lib/cfssl"
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.dbConfigCertificate db configuration file. Path must be writeable.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.intBundlePath to intermediate certificate store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.intDirIntermediates directory.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.logLevelLog level (0 = DEBUG, 5 = FATAL).
Type: one of 0, 1, 2, 3, 4, 5
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.metadataMetadata file for root certificate presence. The content of the file is a json dictionary (k,v): each key k is a SHA-1 digest of a root certificate while value v is a list of key store filenames.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.mutualTlsCaMutual TLS - require clients be signed by this CA.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.mutualTlsClientCertMutual TLS - client certificate to call remote instance requiring client certs.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.mutualTlsClientKeyMutual TLS - client key to call remote instance requiring client certs. Do not put this in nix-store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.mutualTlsCnMutual TLS - regex for whitelist of allowed client CNs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.portPort to bind.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8888
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.remoteRemote CFSSL server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.responderCertificate for OCSP responder.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.responderKeyPrivate key for OCSP responder certificate. Do not put this in nix-store.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.tlsCertOther endpoint's CA to set up TLS protocol.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.tlsKeyOther endpoint's CA private key. Do not put this in nix-store.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cfssl.tlsRemoteCaCAs to trust for remote TLS requests.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/cfssl.nix>
|
services.cgminer.enableWhether to enable cgminer, an ASIC/FPGA/GPU miner for bitcoin and litecoin.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.packageWhich cgminer derivation to use.
Type: package
Default: pkgs.cgminer
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.configAdditional config
Type: attribute set of (boolean or signed integer)
Default: { }
Example:
{
auto-fan = true;
auto-gpu = true;
expiry = 120;
failover-only = true;
gpu-threads = 2;
log = 5;
queue = 1;
scan-time = 60;
temp-histeresys = 3;
}Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.hardwareList of config options for every GPU
Type: list of attribute set of (string or signed integer)
Default: [ ]
Example:
[
{
gpu-engine = "0-985";
gpu-fan = "0-85";
gpu-memclock = 860;
gpu-powertune = 20;
intensity = 9;
temp-cutoff = 95;
temp-overheat = 85;
temp-target = 75;
}
{
gpu-engine = "0-950";
gpu-fan = "0-85";
gpu-memclock = 825;
gpu-powertune = 20;
intensity = 9;
temp-cutoff = 95;
temp-overheat = 85;
temp-target = 75;
}
]Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.poolsList of pools where to mine
Type: list of attribute set of string
Default: [ ]
Example:
[
{
password = "X";
url = "http://p2pool.org:9332";
username = "17EUZxTvs9uRmPsjPZSYUU3zCz9iwstudk";
}
]Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.cgminer.userUser account under which cgminer runs
Type: string
Default: "cgminer"
Declared by:
<nixpkgs/nixos/modules/services/misc/cgminer.nix>
|
services.changedetection-io.enableWhether to enable changedetection-io.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.baseURLThe base url used in notifications and {base_url} token.
Type: null or string
Default: null
Example: "https://changedetection-io.example"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.behindProxyEnable this option when changedetection-io runs behind a reverse proxy, so that it trusts X-* headers. It is recommend to run changedetection-io behind a TLS reverse proxy.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.chromePortA free port on which webDriverSupport or playwrightSupport listen on localhost.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4444
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.datastorePathThe directory used to store all data for changedetection-io.
Type: string
Default: "/var/lib/changedetection-io"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.environmentFileSecurely pass environment variabels to changedetection-io.
This can be used to set for example a frontend password reproducible via SALTED_PASS
which convinetly also deactivates nags about the hosted version.
SALTED_PASS should be 64 characters long while the first 32 are the salt and the second the frontend password.
It can easily be retrieved from the settings file when first set via the frontend with the following command:
jq -r .settings.application.password /var/lib/changedetection-io/url-watches.json
Type: null or path
Default: null
Example: "/run/secrets/changedetection-io.env"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.groupGroup account under which changedetection-io runs.
Type: string
Default: "changedetection-io"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.listenAddressAddress the server will listen on.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.playwrightSupportEnable support for fetching web pages using playwright and Chromium. This starts a headless Chromium controlled by puppeteer in an oci container.
Playwright can currently leak memory. See https://github.com/dgtlmoon/changedetection.io/wiki/Playwright-content-fetcher#playwright-memory-leak
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.portPort the server will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.userUser account under which changedetection-io runs.
Type: string
Default: "changedetection-io"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.changedetection-io.webDriverSupportEnable support for fetching web pages using WebDriver and Chromium. This starts a headless chromium controlled by puppeteer in an oci container.
Playwright can currently leak memory. See https://github.com/dgtlmoon/changedetection.io/wiki/Playwright-content-fetcher#playwright-memory-leak
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/changedetection-io.nix>
|
services.charybdis.enableWhether to enable Charybdis IRC daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.charybdis.configCharybdis IRC daemon configuration file.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.charybdis.groupCharybdis IRC daemon group.
Type: string
Default: "ircd"
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.charybdis.motdCharybdis MOTD text.
Charybdis will read its MOTD from /etc/charybdis/ircd.motd . If set, the value of this option will be written to this path.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.charybdis.statedirLocation of the state directory of charybdis.
Type: path
Default: "/var/lib/charybdis"
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.charybdis.userCharybdis IRC daemon user.
Type: string
Default: "ircd"
Declared by:
<nixpkgs/nixos/modules/services/networking/charybdis.nix>
|
services.chisel-server.enableWhether to enable Chisel Tunnel Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/chisel-server.nix>
|
services.chisel-server.authfilePath to auth.json file
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/chisel-server.nix>
|
services.chisel-server.backendHTTP server to proxy normal requests to
Type: null or string
Default: null
Example: "http://127.0.0.1:8888"
Declared by:
<nixpkgs/nixos/modules/services/networking/chisel-server.nix>
|
services.chisel-server.hostAddress to listen on, falls back to 0.0.0.0
Type: null or string
Default: null
Example: "[::1]"
Declared by:
<nixpkgs/nixos/modules/services/networking/chisel-server.nix>
|
services.chisel-server.keepaliveKeepalive interval, falls back to 25s
Type: null or string
Default: null
Example: "5s"
Declared by:
<nixpkgs/nixos/modules/services/networking/chisel-server.nix>
|
services.chisel-server.portPort to listen on, falls back to 8080
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/chisel-server.nix>
|
services.chisel-server.reverseAllow clients reverse port forwarding
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/chisel-server.nix>
|
services.chisel-server.socks5Allow clients access to internal SOCKS5 proxy
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/chisel-server.nix>
|
services.chrony.enableWhether to synchronise your machine's time using chrony. Make sure you disable NTP if you enable this service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.enableNTSWhether to enable Network Time Security authentication. Make sure it is supported by your selected NTP server(s).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.packageWhich chrony package to use.
Type: package
Default: pkgs.chrony
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.directoryDirectory where chrony state is stored.
Type: string
Default: "/var/lib/chrony"
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.extraConfigExtra configuration directives that should be added to
chrony.conf
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.extraFlagsExtra flags passed to the chronyd command.
Type: list of string
Default: [ ]
Example:
[ "-s" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.initstepslew.enabledAllow chronyd to make a rapid measurement of the system clock error at boot time, and to correct the system clock by stepping before normal operation begins.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.initstepslew.thresholdThe threshold of system clock error (in seconds) above which the clock will be stepped. If the correction required is less than the threshold, a slew is used instead.
Type: floating point number or signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.serverOptionSet option for server directives.
Use "iburst" to rapidly poll on startup. Recommended if your machine is consistently online.
Use "offline" to prevent polling on startup. Recommended if your machine boots offline or is otherwise frequently offline.
Type: one of "iburst", "offline"
Default: "iburst"
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.chrony.serversThe set of NTP servers from which to synchronise.
Type: list of string
Default: config.networking.timeServers
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/chrony.nix>
|
services.cinnamon.apps.enableWhether to enable Cinnamon default applications.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix>
|
services.cjdns.enableWhether to enable the cjdns network encryption and routing engine. A file at /etc/cjdns.keys will be created if it does not exist to contain a random secret key that your IPv6 address will be derived from.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.beaconAuto-connect to other cjdns nodes on the same network. Options: 0: Disabled. 1: Accept beacons, this will cause cjdns to accept incoming beacon messages and try connecting to the sender. 2: Accept and send beacons, this will cause cjdns to broadcast messages on the local network which contain a randomly generated per-session password, other nodes which have this set to 1 or 2 will hear the beacon messages and connect automatically.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.bindBind to this device for native ethernet operation.
all is a pseudo-name which will try to connect to all devices.
Type: string
Default: ""
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.connectToCredentials for connecting look similar to UDP credientials except they begin with the mac address.
Type: attribute set of (submodule)
Default: { }
Example:
{
"01:02:03:04:05:06" = {
hostname = "homer.hype";
password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM";
publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k";
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.connectTo.<name>.hostnameOptional hostname to add to /etc/hosts; prevents reverse lookup failures.
Type: string
Default: ""
Example: "foobar.hype"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.connectTo.<name>.login(optional) name your peer has for you
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.connectTo.<name>.passwordAuthorized password to the opposite end of the tunnel.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.connectTo.<name>.peerName(optional) human-readable name for peer
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.ETHInterface.connectTo.<name>.publicKeyPublic key at the opposite end of the tunnel.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.bindAddress and port to bind UDP tunnels to.
Type: string
Default: ""
Example: "192.168.1.32:43211"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.connectToCredentials for making UDP tunnels.
Type: attribute set of (submodule)
Default: { }
Example:
{
"192.168.1.1:27313" = {
hostname = "homer.hype";
password = "5kG15EfpdcKNX3f2GSQ0H1HC7yIfxoCoImnO5FHM";
publicKey = "371zpkgs8ss387tmr81q04mp0hg1skb51hw34vk1cq644mjqhup0.k";
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.connectTo.<name>.hostnameOptional hostname to add to /etc/hosts; prevents reverse lookup failures.
Type: string
Default: ""
Example: "foobar.hype"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.connectTo.<name>.login(optional) name your peer has for you
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.connectTo.<name>.passwordAuthorized password to the opposite end of the tunnel.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.connectTo.<name>.peerName(optional) human-readable name for peer
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.UDPInterface.connectTo.<name>.publicKeyPublic key at the opposite end of the tunnel.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.addExtraHostsWhether to add cjdns peers with an associated hostname to
/etc/hosts. Beware that enabling this
incurs heavy eval-time costs.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.admin.bindBind the administration port to this address and port.
Type: string
Default: "127.0.0.1:11234"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.authorizedPasswordsAny remote cjdns nodes that offer these passwords on connection will be allowed to route through this node.
Type: list of string
Default: [ ]
Example:
[ "snyrfgkqsc98qh1y4s5hbu0j57xw5s0" "z9md3t4p45mfrjzdjurxn4wuj0d8swv" "49275fut6tmzu354pq70sr5b95qq0vj" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.confFileIgnore all other cjdns options and load configuration from this file.
Type: null or path
Default: null
Example: "/etc/cjdroute.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.cjdns.extraConfigExtra configuration, given as attrs, that will be merged recursively with the rest of the JSON generated by this module, at the root node.
Type: attribute set
Default: { }
Example:
{
router = {
interface = {
tunDevice = "tun10";
};
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/cjdns.nix>
|
services.clamav.daemon.enableWhether to enable ClamAV clamd daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.daemon.settingsClamAV configuration. Refer to https://linux.die.net/man/5/clamd.conf, for details on supported values.
Type: attribute set of (boolean or signed integer or string or list of string)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.updater.enableWhether to enable ClamAV freshclam updater.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.updater.frequencyNumber of database checks per day.
Type: signed integer
Default: 12
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.updater.intervalHow often freshclam is invoked. See systemd.time(7) for more information about the format.
Type: string
Default: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamav.updater.settingsfreshclam configuration. Refer to https://linux.die.net/man/5/freshclam.conf, for details on supported values.
Type: attribute set of (boolean or signed integer or string or list of string)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/security/clamav.nix>
|
services.clamsmtp.enableWhether to enable clamsmtp.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instancesInstances of clamsmtp to run.
Type: list of (submodule)
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.actionAction to take when a virus is detected.
Note that viruses often spoof sender addresses, so bouncing is in most cases not a good idea.
Type: one of "bounce", "drop", "pass"
Default: "drop"
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.headerA header to add to scanned messages. See clamsmtpd.conf(5) for more details. Empty means no header.
Type: string
Default: ""
Example: "X-Virus-Scanned: ClamAV using ClamSMTP"
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.keepAlivesNumber of seconds to wait between each NOOP sent to the sending server. 0 to disable.
This is meant for slow servers where the sending MTA times out waiting for clamd to scan the file.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.listenAddress to wait for incoming SMTP connections on. See clamsmtpd.conf(5) for more details.
Type: string
Example: "127.0.0.1:10025"
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.maxConnectionsMaximum number of connections to accept at once.
Type: signed integer
Default: 64
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.outAddressAddress of the SMTP server to send email to once it has been scanned.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.quarantineWhether to quarantine files that contain viruses by leaving them in the temporary directory.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.tempDirectoryTemporary directory that needs to be accessible to both clamd and clamsmtpd.
Type: string
Default: "/tmp"
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.timeoutTime-out for network connections.
Type: signed integer
Default: 180
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.transparentProxyEnable clamsmtp's transparent proxy support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.virusActionCommand to run when a virus is found. Please see VIRUS ACTION in clamsmtpd(8) for a discussion of this option and its safe use.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clamsmtp.instances.*.xClientSend the XCLIENT command to the receiving server, for forwarding client addresses and connection information if the receiving server supports this feature.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/clamsmtp.nix>
|
services.clickhouse.enableWhether to enable ClickHouse database server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/clickhouse.nix>
|
services.clickhouse.packageClickHouse package to use.
Type: package
Default: pkgs.clickhouse
Declared by:
<nixpkgs/nixos/modules/services/databases/clickhouse.nix>
|
services.clight.enableWhether to enable clight.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/clight.nix>
|
services.clight.settingsAdditional configuration to extend clight.conf. See https://github.com/FedeDP/Clight/blob/master/Extra/clight.conf for a sample configuration file.
Type: attribute set of (null or signed integer or string or boolean or floating point number or list of (signed integer or string or boolean or floating point number) or attribute set of (signed integer or string or boolean or floating point number or list of (signed integer or string or boolean or floating point number)))
Default: { }
Example:
{
ac_capture_timeouts = [
120
300
60
];
captures = 20;
gamma_long_transition = true;
}Declared by:
<nixpkgs/nixos/modules/services/x11/clight.nix>
|
services.clight.temperature.dayColour temperature to use during the day, between
1000 and 25000 K.
Type: signed integer
Default: 5500
Declared by:
<nixpkgs/nixos/modules/services/x11/clight.nix>
|
services.clight.temperature.nightColour temperature to use at night, between
1000 and 25000 K.
Type: signed integer
Default: 3700
Declared by:
<nixpkgs/nixos/modules/services/x11/clight.nix>
|
services.clipcat.enableWhether to enable Clipcat clipboard daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/clipcat.nix>
|
services.clipcat.packageclipcat derivation to use.
Type: package
Default: pkgs.clipcat
Declared by:
<nixpkgs/nixos/modules/services/misc/clipcat.nix>
|
services.clipmenu.enableWhether to enable clipmenu, the clipboard management daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/clipmenu.nix>
|
services.clipmenu.packageclipmenu derivation to use.
Type: package
Default: pkgs.clipmenu
Declared by:
<nixpkgs/nixos/modules/services/misc/clipmenu.nix>
|
services.cloud-init.enableEnable the cloud-init service. This services reads configuration metadata in a cloud environment and configures the machine according to this metadata.
This configuration is not completely compatible with the NixOS way of doing configuration, as configuration done by cloud-init might be overridden by a subsequent nixos-rebuild call. However, some parts of cloud-init fall outside of NixOS's responsibility, like filesystem resizing and ssh public key provisioning, and cloud-init is useful for that parts. Thus, be wary that using cloud-init in NixOS might come as some cost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
|
services.cloud-init.btrfs.enableAllow the cloud-init service to operate btrfs filesystem.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
|
services.cloud-init.configcloud-init configuration.
Type: string
Default:
''
system_info:
distro: nixos
network:
renderers: [ 'networkd' ]
users:
- root
disable_root: false
preserve_hostname: false
cloud_init_modules:
- migrator
- seed_random
- bootcmd
- write-files
- growpart
- resizefs
- update_hostname
- resolv_conf
- ca-certs
- rsyslog
- users-groups
cloud_config_modules:
- disk_setup
- mounts
- ssh-import-id
- set-passwords
- timezone
- disable-ec2-metadata
- runcmd
- ssh
cloud_final_modules:
- rightscale_userdata
- scripts-vendor
- scripts-per-once
- scripts-per-boot
- scripts-per-instance
- scripts-user
- ssh-authkey-fingerprints
- keys-to-console
- phone-home
- final-message
- power-state-change
''Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
|
services.cloud-init.ext4.enableAllow the cloud-init service to operate ext4 filesystem.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
|
services.cloud-init.network.enableAllow the cloud-init service to configure network interfaces through systemd-networkd.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/cloud-init.nix>
|
services.cloudflare-dyndns.enableWhether to enable Cloudflare Dynamic DNS Client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix>
|
services.cloudflare-dyndns.apiTokenFileThe path to a file containing the CloudFlare API token.
The file must have the form CLOUDFLARE_API_TOKEN=...
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix>
|
services.cloudflare-dyndns.deleteMissingWhether to delete the record when no IP address is found.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix>
|
services.cloudflare-dyndns.domainsList of domain names to update records for.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix>
|
services.cloudflare-dyndns.ipv4Whether to enable setting IPv4 A records.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix>
|
services.cloudflare-dyndns.ipv6Whether to enable setting IPv6 AAAA records.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix>
|
services.cloudflare-dyndns.proxiedWhether this is a DNS-only record, or also being proxied through CloudFlare.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflare-dyndns.nix>
|
services.cloudflared.enableWhether to enable Cloudflare Tunnel client daemon (formerly Argo Tunnel).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.packageThe package to use for Cloudflared.
Type: package
Default: "pkgs.cloudflared"
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.groupGroup under which cloudflared runs.
Type: string
Default: "cloudflared"
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnelsCloudflare tunnels.
Type: attribute set of (submodule)
Default: { }
Example:
{
"00000000-0000-0000-0000-000000000000" = {
credentialsFile = "/tmp/test";
default = "http_status:404";
ingress = {
"*.domain1.com" = {
service = "http://localhost:80";
};
};
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.credentialsFileCredential file.
See [https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-useful-terms/#credentials-file](Credentials file).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.defaultCatch-all service if no ingress matches.
See service.
Type: null or string
Default: null
Example: "http_status:404"
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.ingressIngress rules.
See [https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/local-management/ingress/](Ingress rules).
Type: attribute set of (string or (submodule))
Default: { }
Example:
{
"*.anotherone.com" = "http://localhost:80";
"*.domain.com" = "http://localhost:80";
}Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.caPoolPath to the certificate authority (CA) for the certificate of your origin. This option should be used only if your certificate is not signed by Cloudflare.
Type: null or string or path
Default: null
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.connectTimeoutTimeout for establishing a new TCP connection to your origin server. This excludes the time taken to establish TLS, which is controlled by https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/local-management/ingress/#tlstimeout.
Type: null or string
Default: null
Example: "30s"
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.disableChunkedEncodingDisables chunked transfer encoding. Useful if you are running a WSGI server.
Type: null or boolean
Default: null
Example: false
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.httpHostHeaderSets the HTTP Host header on requests sent to the local service.
Type: null or string
Default: null
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.keepAliveConnectionsMaximum number of idle keepalive connections between Tunnel and your origin. This does not restrict the total number of concurrent connections.
Type: null or signed integer
Default: null
Example: 100
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.keepAliveTimeoutTimeout after which an idle keepalive connection can be discarded.
Type: null or string
Default: null
Example: "1m30s"
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.noHappyEyeballsDisable the “happy eyeballs” algorithm for IPv4/IPv6 fallback if your local network has misconfigured one of the protocols.
Type: null or boolean
Default: null
Example: false
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.noTLSVerifyDisables TLS verification of the certificate presented by your origin. Will allow any certificate from the origin to be accepted.
Type: null or boolean
Default: null
Example: false
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.originServerNameHostname that cloudflared should expect from your origin server certificate.
Type: null or string
Default: null
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.proxyAddresscloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen address for that proxy.
Type: null or string
Default: null
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.proxyPortcloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures the listen port for that proxy. If set to zero, an unused port will randomly be chosen.
Type: null or signed integer
Default: null
Example: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.proxyTypecloudflared starts a proxy server to translate HTTP traffic into TCP when proxying, for example, SSH or RDP. This configures what type of proxy will be started. Valid options are:
"" for the regular proxy
"socks" for a SOCKS5 proxy. Refer to the [https://developers.cloudflare.com/cloudflare-one/tutorials/kubectl/](tutorial on connecting through Cloudflare Access using kubectl) for more information.
Type: null or one of "", "socks"
Default: null
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.tcpKeepAliveThe timeout after which a TCP keepalive packet is sent on a connection between Tunnel and the origin server.
Type: null or string
Default: null
Example: "30s"
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.originRequest.tlsTimeoutTimeout for completing a TLS handshake to your origin server, if you have chosen to connect Tunnel to an HTTPS server.
Type: null or string
Default: null
Example: "10s"
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.tunnels.<name>.warp-routing.enabledEnable warp routing.
See [https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel/](Connect from WARP to a private network on Cloudflare using Cloudflare Tunnel).
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cloudflared.userUser account under which Cloudflared runs.
Type: string
Default: "cloudflared"
Declared by:
<nixpkgs/nixos/modules/services/networking/cloudflared.nix>
|
services.cntlm.enableWhether to enable cntlm, which starts a local proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.configTextVerbatim contents of cntlm.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.domainProxy account domain/workgroup name.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.extraConfigAdditional config appended to the end of the generated cntlm.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.netbios_hostnameThe hostname of your machine.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.noproxyA list of domains where the proxy is skipped.
Type: list of string
Default: [ ]
Example:
[ "*.example.com" "example.com" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.passwordProxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.
Type: string
Default: "/etc/cntlm.password"
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.portSpecifies on which ports the cntlm daemon listens.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
[ 3128 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.proxyA list of NTLM/NTLMv2 authenticating HTTP proxies.
Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than once to specify unlimited number of proxies. Should one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole list of proxies is scanned and (for each request) and found to be invalid. Command-line takes precedence over the configuration file.
Type: list of string
Example:
[ "proxy.example.com:81" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cntlm.usernameProxy account name, without the possibility to include domain name ('at' sign is interpreted literally).
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/cntlm.nix>
|
services.cockroachdb.enableWhether to enable CockroachDB Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.packageThe CockroachDB derivation to use for running the service.
This would primarily be useful to enable Enterprise Edition features in your own custom CockroachDB build (Nixpkgs CockroachDB binaries only contain open source features and open source code).
Type: package
Default: pkgs.cockroachdb
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.cacheThe total size for caches.
This can be a percentage, expressed with a fraction sign or as a
decimal-point number, or any bytes-based unit. For example,
"25%", "0.25" both represent
25% of the available system memory. The values
"1000000000" and "1GB" both
represent 1 gigabyte of memory.
Type: string
Default: "25%"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.certsDirThe path to the certificate directory.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.extraArgsExtra CLI arguments passed to cockroach start. For the full list of supported argumemnts, check https://www.cockroachlabs.com/docs/stable/cockroach-start.html#flags
Type: list of string
Default: [ ]
Example:
[ "--advertise-addr" "[fe80::f6f2:::]" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.groupUser account under which CockroachDB runs
Type: string
Default: "cockroachdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.http.addressAddress to bind to for http-based Admin UI
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.http.portPort to bind to for http-based Admin UI
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.insecureRun in insecure mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.joinThe addresses for connecting the node to a cluster.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.listen.addressAddress to bind to for intra-cluster communication
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.listen.portPort to bind to for intra-cluster communication
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 26257
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.localityAn ordered, comma-separated list of key-value pairs that describe the topography of the machine. Topography might include country, datacenter or rack designations. Data is automatically replicated to maximize diversities of each tier. The order of tiers is used to determine the priority of the diversity, so the more inclusive localities like country should come before less inclusive localities like datacenter. The tiers and order must be the same on all nodes. Including more tiers is better than including fewer. For example:
country=us,region=us-west,datacenter=us-west-1b,rack=12
country=ca,region=ca-east,datacenter=ca-east-2,rack=4
planet=earth,province=manitoba,colo=secondary,power=3
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.maxSqlMemoryThe maximum in-memory storage capacity available to store temporary data for SQL queries.
This can be a percentage, expressed with a fraction sign or as a
decimal-point number, or any bytes-based unit. For example,
"25%", "0.25" both represent
25% of the available system memory. The values
"1000000000" and "1GB" both
represent 1 gigabyte of memory.
Type: string
Default: "25%"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.openPortsOpen firewall ports for cluster communication by default
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.cockroachdb.userUser account under which CockroachDB runs
Type: string
Default: "cockroachdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/cockroachdb.nix>
|
services.code-server.enableWhether to enable code-server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.packageWhich code-server derivation to use.
Type: package
Default: pkgs.code-server
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.authThe type of authentication to use.
Type: one of "none", "password"
Default: "password"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.extraArgumentsAdditional arguments that passed to code-server
Type: list of string
Default:
[ "--disable-telemetry" ]
Example: "[ \"--verbose\" ]"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.extraEnvironmentAdditional environment variables to passed to code-server.
Type: attribute set of string
Default: { }
Example:
{
PKG_CONFIG_PATH = "/run/current-system/sw/lib/pkgconfig";
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.extraGroupsAn array of additional groups for the code-server user.
Type: list of string
Default: [ ]
Example:
[ "docker" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.extraPackagesPackages that are available in the PATH of code-server.
Type: list of package
Default: [ ]
Example: "[ pkgs.go ]"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.groupThe group to run code-server under.
By default, a group named code-server will be created.
Type: string
Default: "code-server"
Example: "yourGroup"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.hashedPasswordCreate the password with: echo -n 'thisismypassword' | npx argon2-cli -e.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.hostThe host-ip to bind to.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.portThe port where code-server runs.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4444
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.code-server.userThe user to run code-server as.
By default, a user named code-server will be created.
Type: string
Default: "code-server"
Example: "yourUser"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/code-server.nix>
|
services.collectd.enableWhether to enable collectd agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.packageWhich collectd package to use.
Type: package
Default: pkgs.collectd
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.autoLoadPluginEnable plugin autoloading.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.buildMinimalPackageBuild a minimal collectd package with only the configured services.collectd.plugins
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.dataDirData directory for collectd agent.
Type: path
Default: "/var/lib/collectd"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.extraConfigExtra configuration for collectd. Use mkBefore to add lines before the default config, and mkAfter to add them below.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.includeAdditional paths to load config from.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.pluginsAttribute set of plugin names to plugin config segments
Type: attribute set of strings concatenated with "\n"
Default: { }
Example:
{
cpu = "";
memory = "";
network = "Server 192.168.1.1 25826";
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.userUser under which to run collectd.
Type: null or string
Default: "collectd"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.collectd.validateConfigValidate the syntax of collectd configuration file at build time. Disable this if you use the Include directive on files unavailable in the build sandbox, or when cross-compiling.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/collectd.nix>
|
services.colord.enableWhether to enable colord, the color management daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/colord.nix>
|
services.comptonAlias of services.picom.
Type: submodule
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.confd.enableWhether to enable confd service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.packageConfd package to use.
Type: package
Default: pkgs.confd
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.backendConfd config storage backend to use.
Type: one of "etcd", "consul", "redis", "zookeeper"
Default: "etcd"
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.confDirThe path to the confd configs.
Type: path
Default: "/etc/confd"
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.intervalConfd check interval.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.logLevelConfd log level.
Type: one of "info", "debug"
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.nodesConfd list of nodes to connect to.
Type: list of string
Default:
[ "http://127.0.0.1:2379" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.prefixThe string to prefix to keys.
Type: path
Default: "/"
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confd.watchConfd, whether to watch etcd config for changes.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/confd.nix>
|
services.confluence.enableWhether to enable Atlassian Confluence service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.packageAtlassian Confluence package to use.
Type: package
Default: pkgs.atlassian-confluence
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.catalinaOptionsJava options to pass to catalina/tomcat.
Type: list of string
Default: [ ]
Example:
[ "-Xms1024m" "-Xmx2048m" "-Dconfluence.disable.peopledirectory.all=true" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.groupGroup which runs confluence.
Type: string
Default: "confluence"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.homeHome directory of the confluence instance.
Type: string
Default: "/var/lib/confluence"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.jrePackageNote that Atlassian only support the Oracle JRE (JRASERVER-46152).
Type: package
Default: pkgs.oraclejre8
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.listenAddressAddress to listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.listenPortPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8090
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.proxy.enableWhether to enable proxy support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.proxy.nameVirtual hostname at the proxy
Type: string
Example: "confluence.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.proxy.portPort used at the proxy
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 443
Example: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.proxy.schemeProtocol used at the proxy.
Type: string
Default: "https"
Example: "http"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.sso.enableWhether to enable SSO with Atlassian Crowd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.sso.applicationNameExact name of this Confluence instance in Crowd
Type: string
Example: "jira"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.sso.applicationPasswordApplication password of this Confluence instance in Crowd
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.sso.applicationPasswordFilePath to the application password for Crowd of Confluence.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.sso.crowdCrowd Base URL without trailing slash
Type: string
Example: "http://localhost:8095/crowd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.sso.validationIntervalSet to 0, if you want authentication checks to occur on each request. Otherwise set to the number of minutes between request to validate if the user is logged in or out of the Crowd SSO server. Setting this value to 1 or higher will increase the performance of Crowd's integration.
Type: signed integer
Default: 2
Example: 0
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.confluence.userUser which runs confluence.
Type: string
Default: "confluence"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/confluence.nix>
|
services.connman.enableWhether to use ConnMan for managing your network connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
services.connman.enableVPNWhether to enable ConnMan VPN service.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
services.connman.packageThe connman package / build flavor
Type: package
Default: pkgs.connman
Example: pkgs.connmanFull
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
services.connman.extraConfigConfiguration lines appended to the generated connman configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
services.connman.extraFlagsExtra flags to pass to connmand
Type: list of string
Default: [ ]
Example:
[ "--nodnsproxy" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
services.connman.networkInterfaceBlacklistDefault blacklisted interfaces, this includes NixOS containers interfaces (ve).
Type: list of string
Default:
[ "vmnet" "vboxnet" "virbr" "ifb" "ve" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
services.connman.wifi.backendSpecify the Wi-Fi backend used.
Currently supported are wpa_supplicant or iwd.
Type: one of "wpa_supplicant", "iwd"
Default: "wpa_supplicant"
Declared by:
<nixpkgs/nixos/modules/services/networking/connman.nix>
|
services.consul.enableEnables the consul daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.packageThe package used for the Consul agent and CLI.
Type: package
Default: pkgs.consul
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.enableWhether to enable consul-alerts.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.packagePackage to use for consul-alerts.
Type: package
Default: pkgs.consul-alerts
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.consulAddrConsul api listening address
Type: string
Default: "localhost:8500"
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.listenAddrApi listening address.
Type: string
Default: "localhost:9000"
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.watchChecksWhether to enable check watcher.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.alerts.watchEventsWhether to enable event watcher.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.dropPrivilegesWhether the consul agent should be run as a non-root consul user.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.extraConfigExtra configuration options which are serialized to json and added to the config.json file.
Type: attribute set of anything
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.extraConfigFilesAdditional configuration files to pass to consul NOTE: These will not trigger the service to be restarted when altered.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.forceAddrFamilyWhether to bind ipv4/ipv6 or both kind of addresses.
Type: one of "any", "ipv4", "ipv6"
Default: "any"
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.forceIpv4Deprecated: Use consul.forceAddrFamily instead. Whether we should force the interfaces to only pull ipv4 addresses.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.interface.advertiseThe name of the interface to pull the advertise_addr from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.interface.bindThe name of the interface to pull the bind_addr from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.leaveOnStopIf enabled, causes a leave action to be sent when closing consul. This allows a clean termination of the node, but permanently removes it from the cluster. You probably don't want this option unless you are running a node which going offline in a permanent / semi-permanent fashion.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.consul.webUiEnables the web interface on the consul http port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/consul.nix>
|
services.convos.enableWhether to enable Convos.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/convos.nix>
|
services.convos.listenAddressAddress or host the web interface should listen on
Type: string
Default: "*"
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/convos.nix>
|
services.convos.listenPortPort the web interface should listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Example: 8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/convos.nix>
|
services.convos.reverseProxyEnables reverse proxy support. This will allow Convos to automatically
pick up the X-Forwarded-For and
X-Request-Base HTTP headers set in your reverse proxy
web server. Note that enabling this option without a reverse proxy in
front will be a security issue.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/convos.nix>
|
services.coredns.enableWhether to enable Coredns dns server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/coredns.nix>
|
services.coredns.packageCoredns package to use.
Type: package
Default: pkgs.coredns
Declared by:
<nixpkgs/nixos/modules/services/networking/coredns.nix>
|
services.coredns.configVerbatim Corefile to use. See https://coredns.io/manual/toc/#configuration for details.
Type: strings concatenated with "\n"
Default: ""
Example:
''
. {
whoami
}
''Declared by:
<nixpkgs/nixos/modules/services/networking/coredns.nix>
|
services.corerad.enableWhether to enable CoreRAD IPv6 NDP RA daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/corerad.nix>
|
services.corerad.packageCoreRAD package to use.
Type: package
Default: pkgs.corerad
Declared by:
<nixpkgs/nixos/modules/services/networking/corerad.nix>
|
services.corerad.configFilePath to CoreRAD TOML configuration file.
Type: path
Example: "${pkgs.corerad}/etc/corerad/corerad.toml"
Declared by:
<nixpkgs/nixos/modules/services/networking/corerad.nix>
|
services.corerad.settingsConfiguration for CoreRAD, see https://github.com/mdlayher/corerad/blob/main/internal/config/reference.toml for supported values. Ignored if configFile is set.
Type: TOML value
Example:
{
interfaces = [
# eth0 is an upstream interface monitoring for IPv6 router advertisements.
{
name = "eth0";
monitor = true;
}
# eth1 is a downstream interface advertising IPv6 prefixes for SLAAC.
{
name = "eth1";
advertise = true;
prefix = [{ prefix = "::/64"; }];
}
];
# Optionally enable Prometheus metrics.
debug = {
address = "localhost:9430";
prometheus = true;
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/corerad.nix>
|
services.corosync.enableWhether to enable corosync.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/corosync/default.nix>
|
services.corosync.packagePackage that should be used for corosync.
Type: package
Default: pkgs.corosync
Declared by:
<nixpkgs/nixos/modules/services/cluster/corosync/default.nix>
|
services.corosync.clusterNameName of the corosync cluster.
Type: string
Default: "nixcluster"
Declared by:
<nixpkgs/nixos/modules/services/cluster/corosync/default.nix>
|
services.corosync.extraOptionsAdditional options with which to start corosync.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/corosync/default.nix>
|
services.corosync.nodelistCorosync nodelist: all cluster members.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/corosync/default.nix>
|
services.corosync.nodelist.*.nameNode name
Type: string
Declared by:
<nixpkgs/nixos/modules/services/cluster/corosync/default.nix>
|
services.corosync.nodelist.*.nodeidNode ID number
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/cluster/corosync/default.nix>
|
services.corosync.nodelist.*.ring_addrsList of addresses, one for each ring.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/cluster/corosync/default.nix>
|
services.coturn.enableWhether to enable coturn TURN server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.alt-listening-portAlternative listening port for UDP and TCP listeners; default (or zero) value means "listening port plus one". This is needed for RFC 5780 support (STUN extension specs, NAT behavior discovery). The TURN Server supports RFC 5780 only if it is started with more than one listening IP address of the same family (IPv4 or IPv6). RFC 5780 is supported only by UDP protocol, other protocols are listening to that endpoint only for "symmetry".
Type: signed integer
Default: listening-port + 1
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.alt-tls-listening-portAlternative listening port for TLS and DTLS protocols.
Type: signed integer
Default: tls-listening-port + 1
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.certCertificate file in PEM format.
Type: null or string
Default: null
Example: "/var/lib/acme/example.com/fullchain.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.cli-ipLocal system IP address to be used for CLI server endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.cli-passwordCLI access password. For the security reasons, it is recommended to use the encrypted for of the password (see the -P command in the turnadmin utility).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.cli-portCLI server port.
Type: signed integer
Default: 5766
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.dh-fileUse custom DH TLS key, stored in PEM format in the file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.extraConfigAdditional configuration options
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.listening-ipsListener IP addresses of relay server. If no IP(s) specified in the config file or in the command line options, then all IPv4 and IPv6 system IPs will be used for listening.
Type: list of string
Default: [ ]
Example:
[ "203.0.113.42" "2001:DB8::42" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.listening-portTURN listener port for UDP and TCP. Note: actually, TLS and DTLS sessions can connect to the "plain" TCP and UDP port(s), too - if allowed by configuration.
Type: signed integer
Default: 3478
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.lt-cred-mechUse long-term credential mechanism.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.max-portUpper bound of UDP relay endpoints
Type: signed integer
Default: 65535
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.min-portLower bound of UDP relay endpoints
Type: signed integer
Default: 49152
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-authThis option is opposite to lt-cred-mech. (TURN Server with no-auth option allows anonymous access). If neither option is defined, and no users are defined, then no-auth is default. If at least one user is defined, in this file or in command line or in usersdb file, then lt-cred-mech is default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-cliTurn OFF the CLI support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-dtlsDisable DTLS client listener
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-tcpDisable TCP client listener
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-tcp-relayDisable TCP relay endpoints
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-tlsDisable TLS client listener
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-udpDisable UDP client listener
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.no-udp-relayDisable UDP relay endpoints
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.pkeyPrivate key file in PEM format.
Type: null or string
Default: null
Example: "/var/lib/acme/example.com/key.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.realmThe default realm to be used for the users when no explicit origin/realm relationship was found in the database, or if the TURN server is not using any database (just the commands-line settings and the userdb file). Must be used with long-term credentials mechanism or with TURN REST API.
Type: string
Default: config.networking.hostName
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.relay-ipsRelay address (the local IP address that will be used to relay the packets to the peer). Multiple relay addresses may be used. The same IP(s) can be used as both listening IP(s) and relay IP(s).
If no relay IP(s) specified, then the turnserver will apply the default policy: it will decide itself which relay addresses to be used, and it will always be using the client socket IP address as the relay IP address of the TURN session (if the requested relay address family is the same as the family of the client socket).
Type: list of string
Default: [ ]
Example:
[ "203.0.113.42" "2001:DB8::42" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.secure-stunRequire authentication of the STUN Binding request. By default, the clients are allowed anonymous access to the STUN Binding functionality.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.static-auth-secret'Static' authentication secret value (a string) for TURN REST API only. If not set, then the turn server will try to use the 'dynamic' value in turn_secret table in user database (if present). The database-stored value can be changed on-the-fly by a separate program, so this is why that other mode is 'dynamic'.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.static-auth-secret-filePath to the file containing the static authentication secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.tls-listening-portTURN listener port for TLS. Note: actually, "plain" TCP and UDP sessions can connect to the TLS and DTLS port(s), too - if allowed by configuration. The TURN server "automatically" recognizes the type of traffic. Actually, two listening endpoints (the "plain" one and the "tls" one) are equivalent in terms of functionality; but we keep both endpoints to satisfy the RFC 5766 specs. For secure TCP connections, we currently support SSL version 3 and TLS version 1.0, 1.1 and 1.2. For secure UDP connections, we support DTLS version 1.
Type: signed integer
Default: 5349
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.coturn.use-auth-secretTURN REST API flag. Flag that sets a special authorization option that is based upon authentication secret. This feature can be used with the long-term authentication mechanism, only. This feature purpose is to support "TURN Server REST API", see "TURN REST API" link in the project's page https://github.com/coturn/coturn/
This option is used with timestamp:
usercombo -> "timestamp:userid" turn user -> usercombo turn password -> base64(hmac(secret key, usercombo))
This allows TURN credentials to be accounted for a specific user id. If you don't have a suitable id, the timestamp alone can be used. This option is just turning on secret-based authentication. The actual value of the secret is defined either by option static-auth-secret, or can be found in the turn_secret table in the database.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/coturn.nix>
|
services.couchdb.enableWhether to enable CouchDB Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.packageCouchDB package to use.
Type: package
Default: pkgs.couchdb3
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.adminPassCouchdb (i.e. fauxton) account with permission for all dbs and tasks.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.adminUserCouchdb (i.e. fauxton) account with permission for all dbs and tasks.
Type: string
Default: "admin"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.argsFilevm.args configuration. Overrides Couchdb's Erlang VM parameters file.
Type: path
Default: "config.services.couchdb.package/etc/vm.args"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.bindAddressDefines the IP address by which CouchDB will be accessible.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.configFileConfiguration file for persisting runtime changes. File needs to be readable and writable from couchdb user/group.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.databaseDirSpecifies location of CouchDB database files (*.couch named). This location should be writable and readable for the user the CouchDB service runs as (couchdb by default).
Type: path
Default: "/var/lib/couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.extraConfigExtra configuration. Overrides any other cofiguration.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.groupGroup account under which couchdb runs.
Type: string
Default: "couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.logFileSpecifies the location of file for logging output.
Type: path
Default: "/var/log/couchdb.log"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.portDefined the port number to listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5984
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.uriFileThis file contains the full URI that can be used to access this instance of CouchDB. It is used to help discover the port CouchDB is running on (if it was set to 0 (e.g. automatically assigned any free one). This file should be writable and readable for the user that runs the CouchDB service (couchdb by default).
Type: path
Default: "/run/couchdb/couchdb.uri"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.userUser account under which couchdb runs.
Type: string
Default: "couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.couchdb.viewIndexDirSpecifies location of CouchDB view index files. This location should be writable and readable for the user that runs the CouchDB service (couchdb by default).
Type: path
Default: "/var/lib/couchdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/couchdb.nix>
|
services.cpuminer-cryptonight.enableWhether to enable the cpuminer cryptonight miner.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
|
services.cpuminer-cryptonight.passPassword for mining server
Type: string
Default: "x"
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
|
services.cpuminer-cryptonight.threadsNumber of miner threads, defaults to available processors
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
|
services.cpuminer-cryptonight.urlURL of mining server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
|
services.cpuminer-cryptonight.userUsername for mining server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/cpuminer-cryptonight.nix>
|
services.cpupower-gui.enableEnables dbus/systemd service needed by cpupower-gui. These services are responsible for retrieving and modifying cpu power saving settings.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/cpupower-gui.nix>
|
services.create_ap.enableWhether to enable setup wifi hotspots using create_ap.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/create_ap.nix>
|
services.create_ap.settingsConfiguration for create_ap.
See upstream example configuration
for supported values.
Type: attribute set of (signed integer or boolean or string)
Default: { }
Example:
{
INTERNET_IFACE = "eth0";
PASSPHRASE = "12345678";
SSID = "My Wifi Hotspot";
WIFI_IFACE = "wlan0";
}Declared by:
<nixpkgs/nixos/modules/services/networking/create_ap.nix>
|
services.croc.enableWhether to enable croc relay.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/croc.nix>
|
services.croc.debugWhether to enable debug logs.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/croc.nix>
|
services.croc.openFirewallWhether to enable opening of the peer port(s) in the firewall.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/croc.nix>
|
services.croc.passPassword or passwordfile for the relay.
Type: path or string
Default: "pass123"
Declared by:
<nixpkgs/nixos/modules/services/networking/croc.nix>
|
services.croc.portsPorts of the relay.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
[ 9009 9010 9011 9012 9013 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/croc.nix>
|
services.cron.enableWhether to enable the Vixie cron daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
|
services.cron.cronFilesA list of extra crontab files that will be read and appended to the main crontab file when the cron service starts.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
|
services.cron.mailtoEmail address to which job output will be mailed.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
|
services.cron.systemCronJobsA list of Cron jobs to be appended to the system-wide
crontab. See the manual page for crontab for the expected
format. If you want to get the results mailed you must setuid
sendmail. See security.wrappers
If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root is allowed to have its own crontab file. The /var/cron/cron.deny file is created automatically for you, so every user can use a crontab.
Many nixos modules set systemCronJobs, so if you decide to disable vixie cron and enable another cron daemon, you may want it to get its system crontab based on systemCronJobs.
Type: list of string
Default: [ ]
Example:
[ "* * * * * test ls -l / > /tmp/cronout 2>&1" "* * * * * eelco echo Hello World > /home/eelco/cronout" ]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/cron.nix>
|
services.crossfire-server.enableIf enabled, the Crossfire game server will be started at boot.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
|
services.crossfire-server.packageThe package to use for the Crossfire server (and map/arch data, if you don't change dataDir).
Type: package
Default: pkgs.crossfire-server
Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
|
services.crossfire-server.configFilesText to append to the corresponding configuration files. Note that the files given in the example are not the complete set of files available to customize; look in /etc/crossfire after enabling the server to see the available files, and read the comments in each file for detailed documentation on the format and what settings are available.
Note that the motd, rules, and news files, if configured here, will overwrite the example files that come with the server, rather than being appended to them as the other configuration files are.
Type: attribute set of string
Default: { }
Example:
{
dm_file = ''
admin:secret_password:localhost
alice:xyzzy:*
'';
ban_file = ''
# Bob is a jerk
bob@*
# So is everyone on 192.168.86.255/24
*@192.168.86.
'';
metaserver2 = ''
metaserver2_notification on
localhostname crossfire.example.net
'';
motd = "Welcome to CrossFire!";
news = "No news yet.";
rules = "Don't be a jerk.";
settings = ''
# be nicer to newbies and harsher to experienced players
balanced_stat_loss true
# don't let players pick up and use admin-created items
real_wiz false
'';
}
Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
|
services.crossfire-server.dataDirWhere to load readonly data from -- maps, archetypes, treasure tables, and the like. If you plan to edit the data on the live server (rather than overlaying the crossfire-maps and crossfire-arch packages and nixos-rebuilding), point this somewhere read-write and copy the data there before starting the server.
Type: string
Default: "${config.services.crossfire.package}/share/crossfire"
Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
|
services.crossfire-server.openFirewallWhether to open ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
|
services.crossfire-server.stateDirWhere to store runtime data (save files, persistent items, etc).
If left at the default, this will be automatically created on server
startup if it does not already exist. If changed, it is the admin's
responsibility to make sure that the directory exists and is writeable
by the crossfire user.
Type: string
Default: "/var/lib/crossfire"
Declared by:
<nixpkgs/nixos/modules/services/games/crossfire-server.nix>
|
services.crowd.enableWhether to enable Atlassian Crowd service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.packageAtlassian Crowd package to use.
Type: package
Default: pkgs.atlassian-crowd
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.catalinaOptionsJava options to pass to catalina/tomcat.
Type: list of string
Default: [ ]
Example:
[ "-Xms1024m" "-Xmx2048m" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.groupGroup which runs Crowd.
Type: string
Default: "crowd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.homeHome directory of the Crowd instance.
Type: string
Default: "/var/lib/crowd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.jrePackageNote that Atlassian only support the Oracle JRE (JRASERVER-46152).
Type: package
Default: pkgs.oraclejre8
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.listenAddressAddress to listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.listenPortPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8092
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.openidPasswordApplication password for OpenID server.
Type: string
Default: "WILL_NEVER_BE_SET"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.openidPasswordFilePath to the file containing the application password for OpenID server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.proxy.enableWhether to enable reverse proxy support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.proxy.nameVirtual hostname at the proxy
Type: string
Example: "crowd.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.proxy.portPort used at the proxy
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 443
Example: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.proxy.schemeProtocol used at the proxy.
Type: string
Default: "https"
Example: "http"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.proxy.secureWhether the connections to the proxy should be considered secure.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.crowd.userUser which runs Crowd.
Type: string
Default: "crowd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/crowd.nix>
|
services.dante.enableWhether to enable Dante SOCKS proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dante.nix>
|
services.dante.configContents of Dante's configuration file. NOTE: user.privileged, user.unprivileged and logoutput are set by the service.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/networking/dante.nix>
|
services.darkhttpd.enableWhether to enable DarkHTTPd web server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
|
services.darkhttpd.addressAddress to listen on.
Pass all to listen on all interfaces.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
|
services.darkhttpd.extraArgsAdditional configuration passed to the executable.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
|
services.darkhttpd.hideServerIdDon't identify the server type in headers or directory listings.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
|
services.darkhttpd.portPort to listen on. Pass 0 to let the system choose any free port for you.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
|
services.darkhttpd.rootDirPath from which to serve files.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/web-servers/darkhttpd.nix>
|
services.das_watchdog.enableWhether to enable realtime watchdog.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/das_watchdog.nix>
|
services.datadog-agent.enableWhether to enable Datadog-agent v7 monitoring service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.enableLiveProcessCollectionWhether to enable the live process collection agent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.enableTraceAgentWhether to enable the trace agent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.packageWhich DataDog v7 agent package to use. Note that the provided
package is expected to have an overridable pythonPackages-attribute
which configures the Python environment with the Datadog
checks.
Type: package
Default: pkgs.datadog-agent
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.apiKeyFilePath to a file containing the Datadog API key to associate the agent with your account.
Type: path
Example: "/run/keys/datadog_api_key"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.checksConfiguration for all Datadog checks. Keys of this attribute
set will be used as the name of the check to create the
appropriate configuration in conf.d/$check.d/conf.yaml.
The configuration is converted into JSON from the plain Nix language configuration, meaning that you should write configuration adhering to Datadog's documentation - but in Nix language.
Refer to the implementation of this module (specifically the
definition of defaultChecks) for an example.
Note: The 'disk' and 'network' check are configured in separate options because they exist by default. Attempting to override their configuration here will have no effect.
Type: attribute set of (attribute set)
Default: { }
Example:
{
http_check = {
init_config = null;
instances = [
{
name = "some-service";
tags = [
"some-service"
];
url = "http://localhost:1337/healthz";
}
];
};
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.ddUrlCustom dd_url to configure the agent with. Useful if traffic to datadog needs to go through a proxy. Don't use this to point to another datadog site (EU) - use site instead.
Type: null or string
Default: null
Example: "http://haproxy.example.com:3834"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.diskCheckDisk check config
Type: attribute set
Default:
{
init_config = { };
instances = [
{
use_mount = "false";
}
];
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.extraConfigExtra configuration options that will be merged into the
main config file datadog.yaml.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.extraIntegrationsExtra integrations from the Datadog core-integrations repository that should be built and included.
By default the included integrations are disk, mongo, network, nginx and postgres.
To include additional integrations the name of the derivation and a function to filter its dependencies from the Python package set must be provided.
Type: attribute set
Default: { }
Example:
{
ntp = pythonPackages: [ pythonPackages.ntplib ];
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.hostnameThe hostname to show in the Datadog dashboard (optional)
Type: null or string
Default: null
Example: "mymachine.mydomain"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.logLevelLogging verbosity.
Type: null or one of "DEBUG", "INFO", "WARN", "ERROR"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.networkCheckNetwork check config
Type: attribute set
Default:
{
init_config = { };
instances = [
{
collect_connection_state = false;
excluded_interfaces = [
"lo"
"lo0"
];
}
];
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.siteThe datadog site to point the agent towards. Set to datadoghq.eu to point it to their EU site.
Type: null or string
Default: null
Example: "datadoghq.eu"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.datadog-agent.tagsThe tags to mark this Datadog agent
Type: null or (list of string)
Default: null
Example:
[ "test" "service" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/datadog-agent.nix>
|
services.davfs2.enableWhether to enable davfs2.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix>
|
services.davfs2.davGroupThe group of the running mount.davfs daemon. Ordinary users must be member of this group in order to mount a davfs2 file system. Value must be given as name, not as numerical id.
Type: string
Default: "davfs2"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix>
|
services.davfs2.davUserWhen invoked by root the mount.davfs daemon will run as this user. Value must be given as name, not as numerical id.
Type: string
Default: "davfs2"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix>
|
services.davfs2.extraConfigExtra lines appended to the configuration of davfs2.
Type: strings concatenated with "\n"
Default: ""
Example:
'' kernel_fs coda proxy foo.bar:8080 use_locks 0 ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/davfs2.nix>
|
services.davmail.enableWhether to enable davmail, an MS Exchange gateway.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/davmail.nix>
|
services.davmail.configDavmail configuration. Refer to http://davmail.sourceforge.net/serversetup.html and http://davmail.sourceforge.net/advanced.html for details on supported values.
Type: davmail config type (str, int, bool or attribute set thereof)
Default: { }
Example:
{
davmail.allowRemote = true;
davmail.imapPort = 55555;
davmail.bindAddress = "10.0.1.2";
davmail.smtpSaveInSent = true;
davmail.folderSizeLimit = 10;
davmail.caldavAutoSchedule = false;
log4j.logger.rootLogger = "DEBUG";
}
Declared by:
<nixpkgs/nixos/modules/services/mail/davmail.nix>
|
services.davmail.urlOutlook Web Access URL to access the exchange server, i.e. the base webmail URL.
Type: string
Example: "https://outlook.office365.com/EWS/Exchange.asmx"
Declared by:
<nixpkgs/nixos/modules/services/mail/davmail.nix>
|
services.dbus.packagesPackages whose D-Bus configuration files should be included in
the configuration of the D-Bus system-wide or session-wide
message bus. Specifically, files in the following directories
will be included into their respective DBus configuration paths:
«pkg»/etc/dbus-1/system.d
«pkg»/share/dbus-1/system.d
«pkg»/share/dbus-1/system-services
«pkg»/etc/dbus-1/session.d
«pkg»/share/dbus-1/session.d
«pkg»/share/dbus-1/services
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/system/dbus.nix>
|
services.dbus.apparmorAppArmor mode for dbus.
enabled enables mediation when it's
supported in the kernel, disabled
always disables AppArmor even with kernel support, and
required fails when AppArmor was not found
in the kernel.
Type: one of "enabled", "disabled", "required"
Default: "disabled"
Declared by:
<nixpkgs/nixos/modules/services/system/dbus.nix>
|
services.dbus.implementationThe implementation to use for the message bus defined by the D-Bus specification. Can be either the classic dbus daemon or dbus-broker, which aims to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation.
Type: one of "dbus", "broker"
Default: "dbus"
Declared by:
<nixpkgs/nixos/modules/services/system/dbus.nix>
|
services.ddccontrol.enableWhether to enable ddccontrol for controlling displays.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/ddccontrol.nix>
|
services.ddclient.enableWhether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.packageThe ddclient executable package run by the service.
Type: package
Default: pkgs.ddclient
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.configFilePath to configuration file. When set this overrides the generated configuration from module options.
Type: null or path
Default: null
Example: "/root/nixos/secrets/ddclient.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.domainsDomain name(s) to synchronize.
Type: list of string
Default:
[ "" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.extraConfigExtra configuration. Contents will be added verbatim to the configuration file.
daemon should not be added here because it does not work great with the systemd-timer approach the service uses.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.intervalThe interval at which to run the check and update. See man 7 systemd.time for the format.
Type: string
Default: "10min"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.ipv6Whether to use IPv6.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.passwordFileA file containing the password or a TSIG key in named format when using the nsupdate protocol.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.protocolProtocol to use with dynamic DNS provider (see https://sourceforge.net/p/ddclient/wiki/protocols).
Type: string
Default: "dyndns2"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.quietPrint no messages for unnecessary updates.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.scriptscript as required by some providers.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.serverServer address.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.sslWhether to use SSL/TLS to connect to dynamic DNS provider.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.useMethod to determine the IP address to send to the dynamic DNS provider.
Type: string
Default: "web, web=checkip.dyndns.com/, web-skip='Current IP Address: '"
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.usernameUser name.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.verbosePrint verbose information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.ddclient.zonezone as required by some providers.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ddclient.nix>
|
services.deliantra-server.enableIf enabled, the Deliantra game server will be started at boot.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
|
services.deliantra-server.packageThe package to use for the Deliantra server (and map/arch data, if you don't change dataDir).
Type: package
Default: pkgs.deliantra-server
Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
|
services.deliantra-server.configFilesContents of the server configuration files. These will be appended to the example configurations the server comes with and overwrite any default settings defined therein.
The example here is not comprehensive. See the files in /etc/deliantra-server after enabling this module for full documentation.
Type: attribute set of string
Default:
{
motd = "";
}Example:
{
dm_file = ''
admin:secret_password:localhost
alice:xyzzy:*
'';
motd = "Welcome to Deliantra!";
settings = ''
# Settings for game mechanics.
stat_loss_on_death true
armor_max_enchant 7
'';
config = ''
# Settings for the server daemon.
hiscore_url https://deliantra.example.net/scores/
max_map_reset 86400
'';
}
Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
|
services.deliantra-server.dataDirWhere to store readonly data (maps, archetypes, sprites, etc). Note that if you plan to use the live map editor (rather than editing the maps offline and then nixos-rebuilding), THIS MUST BE WRITEABLE -- copy the deliantra-data someplace writeable (say, /var/lib/deliantra/data) and update this option accordingly.
Type: string
Default: "${pkgs.deliantra-data}"
Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
|
services.deliantra-server.openFirewallWhether to open ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
|
services.deliantra-server.stateDirWhere to store runtime data (save files, persistent items, etc).
If left at the default, this will be automatically created on server
startup if it does not already exist. If changed, it is the admin's
responsibility to make sure that the directory exists and is writeable
by the crossfire user.
Type: string
Default: "/var/lib/deliantra"
Declared by:
<nixpkgs/nixos/modules/services/games/deliantra-server.nix>
|
services.deluge.enableWhether to enable Deluge daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.packageDeluge package to use.
Type: package
Example: pkgs.deluge-2_x
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.authFileThe file managing the authentication for deluge, the format of this
file is straightforward, each line contains a
username:password:level tuple in plaintext. It only has an effect
when services.deluge.declarative is set to
true.
See https://dev.deluge-torrent.org/wiki/UserGuide/Authentication for
more information.
Type: path
Example: "/run/keys/deluge-auth"
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.configDeluge core configuration for the core.conf file. Only has an effect
when services.deluge.declarative is set to
true. String values must be quoted, integer and
boolean values must not. See
https://git.deluge-torrent.org/deluge/tree/deluge/core/preferencesmanager.py#n41
for the available options.
Type: attribute set
Default: { }
Example:
{
download_location = "/srv/torrents/";
max_upload_speed = "1000.0";
share_ratio_limit = "2.0";
allow_remote = true;
daemon_port = 58846;
listen_ports = [ 6881 6889 ];
}
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.dataDirThe directory where deluge will create files.
Type: path
Default: "/var/lib/deluge"
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.declarativeWhether to use a declarative deluge configuration.
Only if set to true, the options
services.deluge.config,
services.deluge.openFirewall and
services.deluge.authFile will be
applied.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.extraPackagesExtra packages available at runtime to enable Deluge's plugins. For example, extraction utilities are required for the built-in "Extractor" plugin. This always contains unzip, gnutar, xz and bzip2.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.groupGroup under which deluge runs.
Type: string
Default: "deluge"
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.openFilesLimitNumber of files to allow deluged to open.
Type: signed integer or string
Default: 4096
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.openFirewallWhether to open the firewall for the ports in
services.deluge.config.listen_ports. It only takes effet if
services.deluge.declarative is set to
true.
It does NOT apply to the daemon port nor the web UI port. To access those ports secuerly check the documentation https://dev.deluge-torrent.org/wiki/UserGuide/ThinClient#CreateSSHTunnel or use a VPN or configure certificates for deluge.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.userUser account under which deluge runs.
Type: string
Default: "deluge"
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.web.enableWhether to enable Deluge Web daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.web.openFirewallOpen ports in the firewall for deluge web daemon
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.deluge.web.portDeluge web UI port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8112
Declared by:
<nixpkgs/nixos/modules/services/torrent/deluge.nix>
|
services.dendrite.enableWhether to enable matrix.org dendrite.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.environmentFileEnvironment file as defined in systemd.exec(5). Secrets may be passed to the service without adding them to the world-readable Nix store, by specifying placeholder variables as the option value in Nix and setting these variables accordingly in the environment file. Currently only used for the registration secret to allow secure registration when client_api.registration_disabled is true.
# snippet of dendrite-related config services.dendrite.settings.client_api.registration_shared_secret = "$REGISTRATION_SHARED_SECRET";
# content of the environment file REGISTRATION_SHARED_SECRET=verysecretpassword
Note that this file needs to be available on the host on which
dendrite is running.
Type: null or path
Default: null
Example: "/var/lib/dendrite/registration_secret"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.httpPortThe port to listen for HTTP requests on.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8008
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.httpsPortThe port to listen for HTTPS requests on.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.loadCredentialThis can be used to pass secrets to the systemd service without adding them to
the nix store.
To use the example setting, see the example of
services.dendrite.settings.global.private_key.
See the LoadCredential section of systemd.exec manual for more information.
Type: list of string
Default: [ ]
Example:
[ "private_key:/path/to/my_private_key" ]
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.openRegistrationAllow open registration without secondary verification (reCAPTCHA).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settingsConfiguration for dendrite, see: https://github.com/matrix-org/dendrite/blob/master/dendrite-config.yaml for available options with which to populate settings.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.app_service_api.database.connection_stringDatabase for the Appservice API.
Type: string
Default: "file:federationapi.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.client_api.registration_disabledWhether to disable user registration to the server without the shared secret.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.federation_api.database.connection_stringDatabase for the Federation API.
Type: string
Default: "file:federationapi.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.global.private_keyThe path to the signing private key file, used to sign requests and events.
nix-shell -p dendrite --command "generate-keys --private-key matrix_key.pem"
Type: path or string matching the pattern ^\$CREDENTIALS_DIRECTORY/.+
Example: "$CREDENTIALS_DIRECTORY/private_key"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.global.server_nameThe domain name of the server, with optional explicit port. This is used by remote servers to connect to this server. This is also the last part of your UserID.
Type: string
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.global.trusted_third_party_id_serversLists of domains that the server will trust as identity servers to verify third party identifiers such as phone numbers and email addresses
Type: list of string
Default:
[ "matrix.org" "vector.im" ]
Example:
[ "matrix.org" ]
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.key_server.database.connection_stringDatabase for the Key Server (for end-to-end encryption).
Type: string
Default: "file:keyserver.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.media_api.base_pathStorage path for uploaded media.
Type: string
Default: "/var/lib/dendrite/media_store"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.media_api.database.connection_stringDatabase for the Media API.
Type: string
Default: "file:mediaapi.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.mscs.database.connection_stringDatabase for exerimental MSC's.
Type: string
Default: "file:mscs.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.room_server.database.connection_stringDatabase for the Room Server.
Type: string
Default: "file:roomserver.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.sync_api.database.connection_stringDatabase for the Sync API.
Type: string
Default: "file:syncserver.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.sync_api.search.enableWhether to enable Dendrite's full-text search engine.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.sync_api.search.index_pathThe path the search index will be created in.
Type: string
Default: "/var/lib/dendrite/searchindex"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.sync_api.search.languageThe language most likely to be used on the server - used when indexing, to ensure the returned results match expectations. A full list of possible languages can be found at https://github.com/blevesearch/bleve/tree/master/analysis/lang
Type: string
Default: "en"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.user_api.account_database.connection_stringDatabase for the User API, accounts.
Type: string
Default: "file:userapi_accounts.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.settings.user_api.device_database.connection_stringDatabase for the User API, devices.
Type: string
Default: "file:userapi_devices.db"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.tlsCertThe path to the TLS certificate.
nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
Type: null or path
Default: null
Example: "/var/lib/dendrite/server.cert"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.dendrite.tlsKeyThe path to the TLS key.
nix-shell -p dendrite --command "generate-keys --tls-cert server.crt --tls-key server.key"
Type: null or path
Default: null
Example: "/var/lib/dendrite/server.key"
Declared by:
<nixpkgs/nixos/modules/services/matrix/dendrite.nix>
|
services.devmon.enableWhether to enable devmon, an automatic device mounting daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/devmon.nix>
|
services.dex.enableWhether to enable the OpenID Connect and OAuth2 identity provider.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dex.nix>
|
services.dex.environmentFileEnvironment file (see systemd.exec(5)
"EnvironmentFile=" section for the syntax) to define variables for dex.
This option can be used to safely include secret keys into the dex configuration.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dex.nix>
|
services.dex.settingsThe available options can be found in the example configuration.
It's also possible to refer to environment variables (defined in services.dex.environmentFile)
using the syntax $VARIABLE_NAME.
Type: YAML value
Default: { }
Example:
{
# External url
issuer = "http://127.0.0.1:5556/dex";
storage = {
type = "postgres";
config.host = "/var/run/postgres";
};
web = {
http = "127.0.0.1:5556";
};
enablePasswordDB = true;
staticClients = [
{
id = "oidcclient";
name = "Client";
redirectURIs = [ "https://example.com/callback" ];
secretFile = "/etc/dex/oidcclient"; # The content of `secretFile` will be written into to the config as `secret`.
}
];
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dex.nix>
|
services.dgraph.enableWhether to enable Dgraph native GraphQL database with a graph backend.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/dgraph.nix>
|
services.dgraph.packageThe dgraph package to use.
Type: package
Default: pkgs.dgraph
Declared by:
<nixpkgs/nixos/modules/services/databases/dgraph.nix>
|
services.dgraph.alpha.hostThe host which dgraph alpha will be run on.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/databases/dgraph.nix>
|
services.dgraph.alpha.portThe port which to run dgraph alpha on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7080
Declared by:
<nixpkgs/nixos/modules/services/databases/dgraph.nix>
|
services.dgraph.settingsContents of the dgraph config. For more details see https://dgraph.io/docs/deploy/config
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/databases/dgraph.nix>
|
services.dgraph.zero.hostThe host which dgraph zero will be run on.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/databases/dgraph.nix>
|
services.dgraph.zero.portThe port which to run dgraph zero on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5080
Declared by:
<nixpkgs/nixos/modules/services/databases/dgraph.nix>
|
services.dhcpd4.enableWhether to enable the DHCPv4 server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.authoritativeWhether the DHCP server shall send DHCPNAK messages to misconfigured clients. If this is not done, clients may be unable to get a correct IP address after changing subnets until their old lease has expired.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.configFileThe path of the DHCP server configuration file. If no file is specified, a file is generated using the other options.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.extraConfigExtra text to be appended to the DHCP server configuration file. Currently, you almost certainly need to specify something there, such as the options specifying the subnet mask, DNS servers, etc.
Type: strings concatenated with "\n"
Default: ""
Example:
''
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.5;
option domain-name-servers 130.161.158.4, 130.161.33.17, 130.161.180.1;
option domain-name "example.org";
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.200;
}
''Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.extraFlagsAdditional command line flags to be passed to the dhcpd daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.interfacesThe interfaces on which the DHCP server should listen.
Type: list of string
Default:
[ "eth0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.machinesA list mapping Ethernet addresses to IPv4 addresses for the DHCP server.
Type: list of (submodule)
Default: [ ]
Example:
[
{
ethernetAddress = "00:16:76:9a:32:1d";
hostName = "foo";
ipAddress = "192.168.1.10";
}
{
ethernetAddress = "00:19:d1:1d:c4:9a";
hostName = "bar";
ipAddress = "192.168.1.11";
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.machines.*.ethernetAddressMAC address of the machine.
Type: string
Example: "00:16:76:9a:32:1d"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.machines.*.hostNameHostname which is assigned statically to the machine.
Type: string
Example: "foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd4.machines.*.ipAddressIP address of the machine.
Type: string
Example: "192.168.1.10"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.enableWhether to enable the DHCPv6 server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.authoritativeWhether the DHCP server shall send DHCPNAK messages to misconfigured clients. If this is not done, clients may be unable to get a correct IP address after changing subnets until their old lease has expired.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.configFileThe path of the DHCP server configuration file. If no file is specified, a file is generated using the other options.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.extraConfigExtra text to be appended to the DHCP server configuration file. Currently, you almost certainly need to specify something there, such as the options specifying the subnet mask, DNS servers, etc.
Type: strings concatenated with "\n"
Default: ""
Example:
''
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.5;
option domain-name-servers 130.161.158.4, 130.161.33.17, 130.161.180.1;
option domain-name "example.org";
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.100 192.168.1.200;
}
''Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.extraFlagsAdditional command line flags to be passed to the dhcpd daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.interfacesThe interfaces on which the DHCP server should listen.
Type: list of string
Default:
[ "eth0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.machinesA list mapping Ethernet addresses to IPv6 addresses for the DHCP server.
Type: list of (submodule)
Default: [ ]
Example:
[
{
ethernetAddress = "00:16:76:9a:32:1d";
hostName = "foo";
ipAddress = "192.168.1.10";
}
{
ethernetAddress = "00:19:d1:1d:c4:9a";
hostName = "bar";
ipAddress = "192.168.1.11";
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.machines.*.ethernetAddressMAC address of the machine.
Type: string
Example: "00:16:76:9a:32:1d"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.machines.*.hostNameHostname which is assigned statically to the machine.
Type: string
Example: "foo"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dhcpd6.machines.*.ipAddressIP address of the machine.
Type: string
Example: "192.168.1.10"
Declared by:
<nixpkgs/nixos/modules/services/networking/dhcpd.nix>
|
services.dictd.enableWhether to enable the DICT.org dictionary server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/dictd.nix>
|
services.dictd.DBsList of databases to make available.
Type: list of package
Default: with pkgs.dictdDBs; [ wiktionary wordnet ]
Example: [ pkgs.dictdDBs.nld2eng ]
Declared by:
<nixpkgs/nixos/modules/services/misc/dictd.nix>
|
services.diod.enableWhether to enable the diod 9P file server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.allsquashRemap all users to "nobody". The attaching user need not be present in the password file.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.authRequiredAllow clients to connect without authentication, i.e. without a valid MUNGE credential.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.exportallExport all file systems listed in /proc/mounts. If new file systems are mounted after diod has started, they will become immediately mountable. If there is a duplicate entry for a file system in the exports list, any options listed in the exports entry will apply.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.exportoptsEstablish a default set of export options. These are overridden, not appended to, by opts attributes in an "exports" entry.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.exportsList the file systems that clients will be allowed to mount. All paths should be fully qualified. The exports table can include two types of element: a string element (as above), or an alternate table element form { path="/path", opts="ro" }. In the alternate form, the (optional) opts attribute is a comma-separated list of export options. The two table element forms can be mixed in the exports table. Note that although diod will not traverse file system boundaries for a given mount due to inode uniqueness constraints, subdirectories of a file system can be separately exported.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.extraConfigExtra configuration options for diod.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.listen[ "IP:PORT" [,"IP:PORT",...] ] List the interfaces and ports that diod should listen on.
Type: list of string
Default:
[ "0.0.0.0:564" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.logdestSet the destination for logging. The value has the form of "syslog:facility:level" or "filename".
Type: string
Default: "syslog:daemon:err"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.nwthreadsSets the (fixed) number of worker threads created to handle 9P requests for a unique aname.
Type: signed integer
Default: 16
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.squashuserChange the squash user. The squash user must be present in the password file.
Type: string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.statfsPassthruThis option configures statfs to return the host file system's type rather than V9FS_MAGIC.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.diod.userdbThis option disables password/group lookups. It allows any uid to attach and assumes gid=uid, and supplementary groups contain only the primary gid.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/diod.nix>
|
services.discourse.enableWhether to enable Discourse, an open source discussion platform.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.enableACMEWhether an ACME certificate should be used to secure connections to the server.
Type: boolean
Default: true, unless services.discourse.sslCertificate
and services.discourse.sslCertificateKey are set.
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.packageThe discourse package to use.
Type: package
Default: pkgs.discourse
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.admin.emailThe admin user email address.
Type: string
Example: "admin@example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.admin.fullNameThe admin user's full name.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.admin.passwordFileA path to a file containing the admin user's password.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.admin.skipCreateDo not create the admin account, instead rely on other existing admin accounts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.admin.usernameThe admin user username.
Type: string
Example: "admin"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.backendSettingsAdditional settings to put in the
discourse.conf file.
Look in the discourse_defaults.conf file in the upstream distribution to find available options.
Setting an option to null means
“define variable, but leave right-hand side empty”.
Type: attribute set of (null or string or signed integer or boolean or floating point number)
Default: { }
Example:
{
max_reqs_per_ip_per_minute = 300;
max_reqs_per_ip_per_10_seconds = 60;
max_asset_reqs_per_ip_per_10_seconds = 250;
max_reqs_per_ip_mode = "warn+block";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.database.createLocallyWhether a database should be automatically created on the
local host. Set this to false if you plan
on provisioning a local database yourself. This has no effect
if services.discourse.database.host is customized.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.database.hostDiscourse database hostname. null means
“prefer local unix socket connection”.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.database.ignorePostgresqlVersionWhether to allow other versions of PostgreSQL than the
recommended one. Only effective when
services.discourse.database.createLocally
is enabled.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.database.nameDiscourse database name.
Type: string
Default: "discourse"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.database.passwordFileFile containing the Discourse database user password.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.database.poolDatabase connection pool size.
Type: signed integer
Default: 8
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.database.usernameDiscourse database user.
Type: string
Default: "discourse"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.hostnameThe hostname to serve Discourse on.
Type: string
Default: config.networking.fqdnOrHostName
Example: "discourse.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.contactEmailAddressEmail address of key contact responsible for this
site. Used for critical notifications, as well as on the
/about contact form for urgent matters.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.incoming.enableWhether to set up Postfix to receive incoming mail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.incoming.apiKeyFileA file containing the Discourse API key used to add
posts and messages from mail. If left at its default
value null, one will be automatically
generated.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.incoming.mailReceiverPackageThe discourse-mail-receiver package to use.
Type: package
Default: pkgs.discourse-mail-receiver
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.incoming.replyEmailAddressTemplate for reply by email incoming email address, for example: %{reply_key}@reply.example.com or replies+%{reply_key}@example.com
Type: string
Default: "%{reply_key}@${config.services.discourse.hostname}"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.notificationEmailAddressThe from: email address used when
sending all essential system emails. The domain specified
here must have SPF, DKIM and reverse PTR records set
correctly for email to arrive.
Type: string
Default:
"${if config.services.discourse.mail.incoming.enable then "notifications" else "noreply"}@${config.services.discourse.hostname}"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.enableStartTLSAutoWhether to try to use StartTLS.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.authenticationAuthentication type to use, see http://api.rubyonrails.org/classes/ActionMailer/Base.html
Type: null or one of "plain", "login", "cram_md5"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.domainHELO domain to use for outgoing mail.
Type: string
Default: config.services.discourse.hostname
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.forceTLSForce implicit TLS as per RFC 8314 3.3.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.opensslVerifyModeHow OpenSSL checks the certificate, see http://api.rubyonrails.org/classes/ActionMailer/Base.html
Type: string
Default: "peer"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.passwordFileA file containing the password of the SMTP server account.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.portThe port of the SMTP server Discourse should use to send email.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 25
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.serverAddressThe address of the SMTP server Discourse should use to send email.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.mail.outgoing.usernameThe username of the SMTP server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.nginx.enableWhether an nginx virtual host should be
set up to serve Discourse. Only disable if you're planning
to use a different web server, which is not recommended.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.pluginsPlugins to install as part of Discourse, expressed as a list of derivations.
Type: list of package
Default: [ ]
Example:
with config.services.discourse.package.plugins; [ discourse-canned-replies discourse-github ];
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.redis.dbNumberRedis database number.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.redis.hostRedis server hostname.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.redis.passwordFileFile containing the Redis password.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.redis.useSSLConnect to Redis with SSL.
Type: boolean
Default: config.services.discourse.redis.host != "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.secretKeyBaseFileThe path to a file containing the
secret_key_base secret.
Discourse uses secret_key_base to encrypt
the cookie store, which contains session data, and to digest
user auth tokens.
Needs to be a 64 byte long string of hexadecimal characters. You can generate one by running
openssl rand -hex 64 >/path/to/secret_key_base_file
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Example: "/run/keys/secret_key_base"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.sidekiqProcessesHow many Sidekiq processes should be spawned.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.siteSettingsDiscourse site settings. These are the settings that can be changed from the UI. This only defines their default values: they can still be overridden from the UI.
Available settings can be found by looking in the site_settings.yml file of the upstream distribution. To find a setting's path, you only need to care about the first two levels; i.e. its category and name. See the example.
Settings containing secret data should be set to an
attribute set containing the attribute
_secret - a string pointing to a file
containing the value the option should be set to. See the
example to get a better picture of this: in the resulting
config/nixos_site_settings.json file,
the login.github_client_secret key will
be set to the contents of the
/run/keys/discourse_github_client_secret
file.
Type: JSON value
Default: { }
Example:
{
required = {
title = "My Cats";
site_description = "Discuss My Cats (and be nice plz)";
};
login = {
enable_github_logins = true;
github_client_id = "a2f6dfe838cb3206ce20";
github_client_secret._secret = /run/keys/discourse_github_client_secret;
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.sslCertificateThe path to the server SSL certificate. Set this to enable SSL.
Type: null or path
Default: null
Example: "/run/keys/ssl.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.sslCertificateKeyThe path to the server SSL certificate key. Set this to enable SSL.
Type: null or path
Default: null
Example: "/run/keys/ssl.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.discourse.unicornTimeoutTime in seconds before a request to Unicorn times out.
This can be raised if the system Discourse is running on is too slow to handle many requests within 30 seconds.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/web-apps/discourse.nix>
|
services.disnix.enableWhether to enable Disnix.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.enableMultiUserWhether to support multi-user mode by enabling the Disnix D-Bus service
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.enableProfilePathWhether to enable exposing the Disnix profiles in the system's PATH.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.packageThe Disnix package
Type: path
Default: pkgs.disnix
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.profilesNames of the Disnix profiles to expose in the system's PATH
Type: list of string
Default:
[ "default" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.disnix.useWebServiceInterfaceWhether to enable the DisnixWebService interface running on Apache Tomcat.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/disnix.nix>
|
services.distccd.enableWhether to enable distccd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.packageThe distcc package to use.
Type: package
Default: pkgs.distcc
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.allowedClientsClient IPs which are allowed to connect to distccd in CIDR notation.
Anyone who can connect to the distccd server can run arbitrary commands on that system as the distcc user, therefore you should use this judiciously.
Type: list of string
Default:
[ "127.0.0.1" ]
Example:
[ "127.0.0.1" "192.168.0.0/24" "10.0.0.0/24" ]
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.jobTimeoutMaximum duration, in seconds, of a single compilation request.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.logLevelSet the minimum severity of error that will be included in the log file. Useful if you only want to see error messages rather than an entry for each connection.
Type: null or one of "critical", "error", "warning", "notice", "info", "debug"
Default: "warning"
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.maxJobsMaximum number of tasks distccd should execute at any time.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.niceNiceness of the compilation tasks.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.openFirewallOpens the specified TCP port for distcc.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.portThe TCP port which distccd will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3632
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.stats.enableWhether to enable statistics reporting via HTTP server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.stats.portThe TCP port which the distccd statistics HTTP server will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3633
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.distccd.zeroconfWhether to register via mDNS/DNS-SD
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/development/distccd.nix>
|
services.dkimproxy-out.enableWhether to enable dkimproxy_out.
Note that a key will be auto-generated, and can be found in /var/lib/dkimproxy-out.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dkimproxy-out.domainsList of domains DKIMproxy can sign for.
Type: list of string
Example:
[ "example.org" "example.com" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dkimproxy-out.keySizeSize of the RSA key to use to sign outgoing emails. Note that the maximum mandatorily verified as per RFC6376 is 2048.
Type: signed integer
Default: 2048
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dkimproxy-out.listenAddress:port DKIMproxy should listen on.
Type: string
Example: "127.0.0.1:10027"
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dkimproxy-out.relayAddress:port DKIMproxy should forward mail to.
Type: string
Example: "127.0.0.1:10028"
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dkimproxy-out.selectorThe selector to use for DKIM key identification.
For example, if 'selector1' is used here, then for each domain
'example.org' given in domain, 'selector1._domainkey.example.org'
should contain the TXT record indicating the public key is the one
in /var/lib/dkimproxy-out/public.key: "v=DKIM1; t=s; p=[THE PUBLIC KEY]".
Type: string
Example: "selector1"
Declared by:
<nixpkgs/nixos/modules/services/mail/dkimproxy-out.nix>
|
services.dleyna-renderer.enableWhether to enable dleyna-renderer service, a DBus service for handling DLNA renderers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/dleyna-renderer.nix>
|
services.dleyna-server.enableWhether to enable dleyna-server service, a DBus service for handling DLNA servers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/dleyna-server.nix>
|
services.dnscache.enableWhether to run the dnscache caching dns server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
|
services.dnscache.clientIpsClient IP addresses (or prefixes) from which to accept connections.
Type: list of string
Default:
[ "127.0.0.1" ]
Example:
[ "192.168" "172.23.75.82" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
|
services.dnscache.domainServersTable of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts). If entry for @ is not specified predefined list of root servers is used.
Type: attribute set of list of string
Default: { }
Example:
{
"@" = ["8.8.8.8" "8.8.4.4"];
"example.com" = ["192.168.100.100"];
}
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
|
services.dnscache.forwardOnlyWhether to treat root servers (for @) as caching servers, requesting addresses the same way a client does. This is needed if you want to use e.g. Google DNS as your upstream DNS.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
|
services.dnscache.ipIP address on which to listen for connections.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscache.nix>
|
services.dnscrypt-proxy2.enableWhether to enable dnscrypt-proxy2.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix>
|
services.dnscrypt-proxy2.configFilePath to TOML config file. See: https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml If this option is set, it will override any configuration done in options.services.dnscrypt-proxy2.settings.
Type: path
Default: TOML file generated from services.dnscrypt-proxy2.settings
Example: "/etc/dnscrypt-proxy/dnscrypt-proxy.toml"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix>
|
services.dnscrypt-proxy2.settingsAttrset that is converted and passed as TOML config file. For available params, see: https://github.com/DNSCrypt/dnscrypt-proxy/blob/2.1.2/dnscrypt-proxy/example-dnscrypt-proxy.toml
Type: attribute set
Default: { }
Example:
{
sources.public-resolvers = {
urls = [ "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md" ];
cache_file = "public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
refresh_delay = 72;
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix>
|
services.dnscrypt-proxy2.upstreamDefaultsWhether to base the config declared in services.dnscrypt-proxy2.settings on the upstream example config (https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml)
Disable this if you want to declare your dnscrypt config from scratch.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-proxy2.nix>
|
services.dnscrypt-wrapper.enableWhether to enable DNSCrypt wrapper.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnscrypt-wrapper.addressThe DNSCrypt wrapper will bind to this IP address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnscrypt-wrapper.keys.checkIntervalThe time interval (in minutes) between key expiration checks.
Type: signed integer
Default: 1440
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnscrypt-wrapper.keys.expirationThe duration (in days) of the time-limited secret key. This will be automatically rotated before expiration.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnscrypt-wrapper.portThe DNSCrypt wrapper will listen for DNS queries on this port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5353
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnscrypt-wrapper.providerKey.publicThe filepath to the provider public key. If not given a new provider key pair will be generated on the first run.
Type: null or path
Default: null
Example: "/etc/secrets/public.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnscrypt-wrapper.providerKey.secretThe filepath to the provider secret key. If not given a new provider key pair will be generated on the first run.
Type: null or path
Default: null
Example: "/etc/secrets/secret.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnscrypt-wrapper.providerNameThe name that will be given to this DNSCrypt resolver.
Note: the resolver name must start with 2.dnscrypt-cert..
Type: string
Default: "2.dnscrypt-cert.${config.networking.hostName}"
Example: "2.dnscrypt-cert.myresolver"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnscrypt-wrapper.upstream.addressThe IP address of the upstream DNS server DNSCrypt will "wrap".
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnscrypt-wrapper.upstream.portThe port of the upstream DNS server DNSCrypt will "wrap".
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 53
Declared by:
<nixpkgs/nixos/modules/services/networking/dnscrypt-wrapper.nix>
|
services.dnsdist.enableWhether to enable dnsdist domain name server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsdist.extraConfigExtra lines to be added verbatim to dnsdist.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsdist.listenAddressListen IP Address
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsdist.listenPortListen port
Type: signed integer
Default: 53
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsdist.nix>
|
services.dnsmasq.enableWhether to run dnsmasq.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dnsmasq.alwaysKeepRunningIf enabled, systemd will always respawn dnsmasq even if shut down manually. The default, disabled, will only restart it on error.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dnsmasq.extraConfigExtra configuration directives that should be added to
dnsmasq.conf.
This option is deprecated, please use settings instead.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dnsmasq.resolveLocalQueriesWhether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to /etc/resolv.conf).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dnsmasq.settingsConfiguration of dnsmasq. Lists get added one value per line (empty lists and false values don't get added, though false values get turned to comments). Gets merged with
{
dhcp-leasefile = "/var/lib/dnsmasq/dnsmasq.leases";
conf-file = optional cfg.resolveLocalQueries "/etc/dnsmasq-conf.conf";
resolv-file = optional cfg.resolveLocalQueries "/etc/dnsmasq-resolv.conf";
}
Type: attribute set of (atom (null, bool, int, float or string) or a list of them for duplicate keys)
Default: { }
Example:
{
domain-needed = true;
dhcp-range = [ "192.168.0.2,192.168.0.254" ];
}
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.dnsmasq.settings.serverThe DNS servers which dnsmasq should query.
Type: list of string
Default: [ ]
Example:
[ "8.8.8.8" "8.8.4.4" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/dnsmasq.nix>
|
services.do-agent.enableWhether to enable do-agent, the DigitalOcean droplet metrics agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/do-agent.nix>
|
services.dockerRegistry.enableWhether to enable Docker Registry.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.enableDeleteEnable delete for manifests and blobs.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.enableGarbageCollectWhether to enable garbage collect.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.enableRedisCacheWhether to enable redis as blob cache.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.extraConfigDocker extra registry configuration via environment variables.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.garbageCollectDatesSpecification (in the format described by systemd.time(7)) of the time at which the garbage collect will occur.
Type: string
Default: "daily"
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.listenAddressDocker registry host or ip to bind to.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.portDocker registry port to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.redisPasswordSet redis password.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.redisUrlSet redis host and port.
Type: string
Default: "localhost:6379"
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.dockerRegistry.storagePathDocker registry storage path for the filesystem storage backend. Set to null to configure another backend via extraConfig.
Type: null or path
Default: "/var/lib/docker-registry"
Declared by:
<nixpkgs/nixos/modules/services/misc/docker-registry.nix>
|
services.documize.enableWhether to enable Documize Wiki.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.packageWhich package to use for documize.
Type: package
Default: pkgs.documize-community
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.certThe cert.pem file used for https.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.dbDatabase specific connection string for example:
MySQL/Percona/MariaDB:
user:password@tcp(host:3306)/documize
MySQLv8+:
user:password@tcp(host:3306)/documize?allowNativePasswords=true
PostgreSQL:
host=localhost port=5432 dbname=documize user=admin password=secret sslmode=disable
MSSQL:
sqlserver://username:password@localhost:1433?database=Documize or
sqlserver://sa@localhost/SQLExpress?database=Documize
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.dbtypeSpecify the database provider: mysql, percona, mariadb, postgresql, sqlserver
Type: one of "mysql", "percona", "mariadb", "postgresql", "sqlserver"
Default: "postgresql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.forcesslportRedirect given http port number to TLS.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.keyThe key.pem file used for https.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.locationreserved
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.offlineSet true for offline mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.portThe http/https port number.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5001
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.saltThe salt string used to encode JWT tokens, if not set a random value will be generated.
Type: null or string
Default: null
Example: "3edIYV6c8B28b19fh"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.documize.stateDirectoryNameThe name of the directory below /var/lib/private
where documize runs in and stores, for example, backups.
Type: string
Default: "documize"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/documize.nix>
|
services.doh-proxy-rust.enableWhether to enable doh-proxy-rust.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-proxy-rust.nix>
|
services.doh-proxy-rust.flagsA list of command-line flags to pass to doh-proxy. For details on the available options, see https://github.com/jedisct1/doh-server#usage.
Type: list of string
Default: [ ]
Example:
[ "--server-address=9.9.9.9:53" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/doh-proxy-rust.nix>
|
services.dokuwiki.sitesSpecification of one or more DokuWiki sites to serve
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.enableWhether to enable DokuWiki web application..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.packageWhich DokuWiki package to use.
Type: package
Default: pkgs.dokuwiki
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.aclAccess Control Lists: see https://www.dokuwiki.org/acl Mutually exclusive with services.dokuwiki.aclFile Set this to a value other than null to take precedence over aclFile option.
Warning: Consider using aclFile instead if you do not want to store the ACL in the world-readable Nix store.
Type: null or strings concatenated with "\n"
Default: null
Example: "* @ALL 8"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.aclFileLocation of the dokuwiki acl rules. Mutually exclusive with services.dokuwiki.acl Mutually exclusive with services.dokuwiki.acl which is preferred. Consult documentation https://www.dokuwiki.org/acl for further instructions. Example: https://github.com/splitbrain/dokuwiki/blob/master/conf/acl.auth.php.dist
Type: null or string
Default: "/var/lib/dokuwiki/‹name›/acl.auth.php"
Example: "/var/lib/dokuwiki/‹name›/acl.auth.php"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.aclUseNecessary for users to log in into the system. Also limits anonymous users. When disabled, everyone is able to create and edit content.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.disableActionsDisable individual action modes. Refer to https://www.dokuwiki.org/config:action_modes for details on supported values.
Type: null or string
Default: ""
Example: "search,register"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.extraConfigDokuWiki configuration. Refer to https://www.dokuwiki.org/config for details on supported values.
Type: null or strings concatenated with "\n"
Default: null
Example:
'' $conf['title'] = 'My Wiki'; $conf['userewrite'] = 1; ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.pluginsList of path(s) to respective plugin(s) which are copied from the 'plugin' directory.
These plugins need to be packaged before use, see example.
Type: list of path
Default: [ ]
Example:
let
# Let's package the icalevents plugin
plugin-icalevents = pkgs.stdenv.mkDerivation {
name = "icalevents";
# Download the plugin from the dokuwiki site
src = pkgs.fetchurl {
url = "https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/2017-06-16/dokuwiki-plugin-icalevents-2017-06-16.zip";
sha256 = "e40ed7dd6bbe7fe3363bbbecb4de481d5e42385b5a0f62f6a6ce6bf3a1f9dfa8";
};
sourceRoot = ".";
# We need unzip to build this package
buildInputs = [ pkgs.unzip ];
# Installing simply means copying all files to the output directory
installPhase = "mkdir -p $out; cp -R * $out/";
};
# And then pass this theme to the plugin list like this:
in [ plugin-icalevents ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.pluginsConfigList of the dokuwiki (un)loaded plugins.
Type: strings concatenated with "\n"
Default:
'' $plugins['authad'] = 0; $plugins['authldap'] = 0; $plugins['authmysql'] = 0; $plugins['authpgsql'] = 0; ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.poolConfigOptions for the DokuWiki PHP pool. See the documentation on php-fpm.conf
for details on configuration directives.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.max_spare_servers" = 4;
"pm.min_spare_servers" = 2;
"pm.start_servers" = 2;
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.stateDirLocation of the DokuWiki state directory.
Type: path
Default: "/var/lib/dokuwiki/‹name›/data"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.superUserYou can set either a username, a list of usernames (“admin1,admin2”), or the name of a group by prepending an @ char to the groupname Consult documentation https://www.dokuwiki.org/config:superuser for further instructions.
Type: null or string
Default: "@admin"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.templatesList of path(s) to respective template(s) which are copied from the 'tpl' directory.
These templates need to be packaged before use, see example.
Type: list of path
Default: [ ]
Example:
let
# Let's package the bootstrap3 theme
template-bootstrap3 = pkgs.stdenv.mkDerivation {
name = "bootstrap3";
# Download the theme from the dokuwiki site
src = pkgs.fetchurl {
url = "https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip";
sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6";
};
# We need unzip to build this package
buildInputs = [ pkgs.unzip ];
# Installing simply means copying all files to the output directory
installPhase = "mkdir -p $out; cp -R * $out/";
};
# And then pass this theme to the template list like this:
in [ template-bootstrap3 ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.sites.<name>.usersFileLocation of the dokuwiki users file. List of users. Format:
login:passwordhash:Real Name:email:groups,comma,separated
Create passwordHash easily by using:
mkpasswd -5 password `pwgen 8 1`
Example: https://github.com/splitbrain/dokuwiki/blob/master/conf/users.auth.php.dist
Type: null or string
Default: "/var/lib/dokuwiki/‹name›/users.auth.php"
Example: "/var/lib/dokuwiki/‹name›/users.auth.php"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dokuwiki.webserverWhether to use nginx or caddy for virtual host management.
Further nginx configuration can be done by adapting services.nginx.virtualHosts.<name>.
See services.nginx.virtualHosts for further information.
Further apache2 configuration can be done by adapting services.httpd.virtualHosts.<name>.
See services.httpd.virtualHosts for further information.
Type: one of "nginx", "caddy"
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix>
|
services.dolibarr.enableWhether to enable dolibarr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.database.createLocallyCreate the database and database user locally.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.database.hostDatabase host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.database.nameDatabase name.
Type: string
Default: "dolibarr"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.database.passwordFileDatabase password file.
Type: null or path
Default: null
Example: "/run/keys/dolibarr-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.database.portDatabase host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.database.userDatabase username.
Type: string
Default: "dolibarr"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.domainDomain name of your server.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.groupGroup account under which dolibarr runs.
If left as the default value this group will automatically be created on system activation, otherwise you are responsible for ensuring the group exists before the dolibarr application starts.
Type: string
Default: "dolibarr"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginxWith this option, you can customize an nginx virtual host which already has sensible defaults for Dolibarr.
Set to {} if you do not need any customization to the virtual host.
If enabled, then by default, the serverName is
${domain},
SSL is active, and certificates are acquired via ACME.
If this is set to null (the default), no nginx virtualHost will be configured.
Type: null or (submodule)
Default: null
Example:
{
serverAliases = [
"dolibarr.${config.networking.domain}"
"erp.${config.networking.domain}"
];
enableACME = false;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.enableACMEWhether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.acmeFallbackHostHost which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.acmeRootDirectory for the ACME challenge, which is public. Don't put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.addSSLWhether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.basicAuthBasic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default: { }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.basicAuthFileBasic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.defaultMakes this vhost the default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.extraConfigThese lines go to the end of the vhost verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.forceSSLWhether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.globalRedirectIf set, all requests for this host are redirected permanently to the given hostname.
Type: null or string
Default: null
Example: "newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.http2Whether to enable HTTP 2. Note that (as of writing) due to nginx's implementation, to disable HTTP 2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2,then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.http3Whether to enable HTTP 3.
This requires using pkgs.nginxQuic package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;.
Note that HTTP 3 support is experimental and
not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.kTLSWhether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Required Nginx version 1.21.4 or later.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.listenListen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL
and onlySSL.
If you only want to set the addresses manually and not
the ports, take a look at listenAddresses
Type: list of (submodule)
Default: [ ]
Example:
[
{
addr = "195.154.1.1";
port = 443;
ssl = true;
}
{
addr = "192.154.1.1";
port = 80;
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.listen.*.addrIP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.listen.*.extraParametersExtra parameters of this listen directive.
Type: list of string
Default: [ ]
Example:
[ "backlog=1024" "deferred" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.listen.*.portPort number.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.listen.*.sslEnable SSL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.listenAddressesListen addresses for this virtual host.
Compared to listen this only sets the addresses
and the ports are chosen automatically.
Note: This option overrides enableIPv6
Type: list of string
Default: [ ]
Example:
[ "127.0.0.1" "[::1]" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.locationsDeclarative location config
Type: attribute set of (submodule)
Default: { }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.locations.<name>.aliasAlias directory for requests.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.locations.<name>.basicAuthBasic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default: { }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.locations.<name>.basicAuthFileBasic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.locations.<name>.extraConfigThese lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.locations.<name>.fastcgiParamsFastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won't unset the default values for other parameters.
Type: attribute set of (string or path)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.locations.<name>.indexAdds index directive.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.locations.<name>.priorityOrder of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have
a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.locations.<name>.proxyPassAdds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.locations.<name>.proxyWebsocketsWhether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.locations.<name>.recommendedProxySettingsEnable recommended proxy settings.
Type: boolean
Default: config.services.nginx.recommendedProxySettings
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.locations.<name>.returnAdds a return directive, for e.g. redirections.
Type: null or string
Default: null
Example: "301 http://example.com$request_uri"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.locations.<name>.rootRoot directory for requests.
Type: null or path
Default: null
Example: "/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.locations.<name>.tryFilesAdds try_files directive.
Type: null or string
Default: null
Example: "$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.onlySSLWhether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.rejectSSLWhether to listen for and reject all HTTPS connections to this vhost. Useful in
default
server blocks to avoid serving the certificate for another vhost. Uses the
ssl_reject_handshake directive available in nginx versions
1.19.4 and above.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.reuseportCreate an individual listening socket . It is required to specify only once on one of the hosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.rootThe path of the web root directory.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default: [ ]
Example:
[ "www.example.org" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.serverNameName of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default: null
Example: "example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.sslCertificatePath to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.sslCertificateKeyPath to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.sslTrustedCertificatePath to root SSL certificate for stapling and client certificates.
Type: null or path
Default: null
Example: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.nginx.useACMEHostA host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.poolConfigOptions for the Dolibarr PHP pool. See the documentation on php-fpm.conf
for details on configuration directives.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.max_spare_servers" = 4;
"pm.min_spare_servers" = 2;
"pm.start_servers" = 2;
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.settingsDolibarr settings, see https://github.com/Dolibarr/dolibarr/blob/develop/htdocs/conf/conf.php.example for details.
Type: attribute set of (boolean or signed integer or string)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.stateDirState and configuration directory dolibarr will use.
Type: string
Default: "/var/lib/dolibarr"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.dolibarr.userUser account under which dolibarr runs.
If left as the default value this user will automatically be created on system activation, otherwise you are responsible for ensuring the user exists before the dolibarr application starts.
Type: string
Default: "dolibarr"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/dolibarr.nix>
|
services.domoticz.enableWhether to enable Domoticz home automation.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/domoticz.nix>
|
services.domoticz.bindIP address to bind to.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/domoticz.nix>
|
services.domoticz.portPort to bind to for HTTP, set to 0 to disable HTTP.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/misc/domoticz.nix>
|
services.dovecot2.enableWhether to enable the dovecot 2.x POP3/IMAP server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.enableDHEWhether to enable enable ssl_dh and generation of primes for the key exchange..
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.enableImapWhether to enable starting the IMAP listener (when Dovecot is enabled)..
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.enableLmtpWhether to enable starting the LMTP listener (when Dovecot is enabled)..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.enablePAMWhether to enable creating a own Dovecot PAM service and configure PAM user logins..
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.enablePop3Whether to enable starting the POP3 listener (when Dovecot is enabled)..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.enableQuotaWhether to enable the dovecot quota service..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.configFileConfig file used for the whole dovecot configuration.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.createMailUserWhether to enable automatically creating the user
given in services.dovecot.user and the group
given in services.dovecot.group..
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.extraConfigAdditional entries to put verbatim into Dovecot's config file.
Type: strings concatenated with "\n"
Default: ""
Example: "mail_debug = yes"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.groupDovecot group name.
Type: string
Default: "dovecot2"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailGroupDefault group to store mail for virtual users.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailLocationLocation that dovecot will use for mail folders. Dovecot mail_location option.
Type: string
Default: "maildir:/var/spool/mail/%u"
Example: "maildir:~/mail:INBOX=/var/spool/mail/%u"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailPluginsAdditional entries to add to the mail_plugins variable, globally and per protocol
Type: submodule
Default:
{
globally = {
enable = [ ];
};
perProtocol = { };
}Example:
{
globally = {
enable = [
"acl"
];
};
perProtocol = {
imap = {
enable = [
"imap_acl"
];
};
};
}Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailPlugins.globallyAdditional entries to add to the mail_plugins variable for all protocols
Type: submodule
Default:
{
enable = [ ];
}Example:
{
enable = [
"virtual"
];
}Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailPlugins.globally.enablemail plugins to enable as a list of strings to append to the top-level $mail_plugins configuration variable
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailPlugins.perProtocolAdditional entries to add to the mail_plugins variable, per protocol
Type: attribute set of (submodule)
Default: { }
Example:
{
imap = [
"imap_acl"
];
}Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailPlugins.perProtocol.<name>.enablemail plugins to enable as a list of strings to append to the corresponding per-protocol $mail_plugins configuration variable
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailUserDefault user to store mail for virtual users.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailboxesConfigure mailboxes and auto create or subscribe them.
Type: (attribute set of (submodule)) or (list of unspecified value) convertible to it
Default: { }
Example:
{
Spam = { specialUse = "Junk"; auto = "create"; };
}
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailboxes.<name>.autoWhether to automatically create or create and subscribe to the mailbox or not.
Type: one of "no", "create", "subscribe"
Default: "no"
Example: "subscribe"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailboxes.<name>.autoexpungeTo automatically remove all email from the mailbox which is older than the specified time.
Type: null or string
Default: null
Example: "60d"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailboxes.<name>.nameThe name of the mailbox.
Type: string matching the pattern [^"]+ (read only)
Default: "‹name›"
Example: "Spam"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.mailboxes.<name>.specialUseNull if no special use flag is set. Other than that every use flag mentioned in the RFC is valid.
Type: null or one of "All", "Archive", "Drafts", "Flagged", "Junk", "Sent", "Trash"
Default: null
Example: "Junk"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.modulesSymlinks the contents of lib/dovecot of every given package into /etc/dovecot/modules. This will make the given modules available if a dovecot package with the module_dir patch applied is being used.
Type: list of package
Default: [ ]
Example: [ pkgs.dovecot_pigeonhole ]
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.protocolsAdditional listeners to start when Dovecot is enabled.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.quotaGlobalPerUserQuota limit for the user in bytes. Supports suffixes b, k, M, G, T and %.
Type: string
Default: "100G"
Example: "10G"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.quotaPortThe Port the dovecot quota service binds to. If using postfix, add check_policy_service inet:localhost:12340 to your smtpd_recipient_restrictions in your postfix config.
Type: string
Default: "12340"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.showPAMFailureWhether to enable showing the PAM failure message on authentication error (useful for OTPW)..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.sieveScriptsSieve scripts to be executed. Key is a sequence, e.g. 'before2', 'after' etc.
Type: attribute set of path
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.sslCACertPath to the server's CA certificate key.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.sslServerCertPath to the server's public key.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.sslServerKeyPath to the server's private key.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dovecot2.userDovecot user name.
Type: string
Default: "dovecot2"
Declared by:
<nixpkgs/nixos/modules/services/mail/dovecot.nix>
|
services.dragonflydb.enableWhether to enable DragonflyDB.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/dragonflydb.nix>
|
services.dragonflydb.bindThe IP interface to bind to.
null means "all interfaces".
Type: null or string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/dragonflydb.nix>
|
services.dragonflydb.cacheModeOnce this mode is on, Dragonfly will evict items least likely to be stumbled upon in the future but only when it is near maxmemory limit.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/dragonflydb.nix>
|
services.dragonflydb.dbNumMaximum number of supported databases for select
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/dragonflydb.nix>
|
services.dragonflydb.keysOutputLimitMaximum number of returned keys in keys command.
keys is a dangerous command.
We truncate its result to avoid blowup in memory when fetching too many keys.
Type: unsigned integer, meaning >=0
Default: 8192
Declared by:
<nixpkgs/nixos/modules/services/databases/dragonflydb.nix>
|
services.dragonflydb.maxMemoryThe maximum amount of memory to use for storage (in bytes).
null means this will be automatically set.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/dragonflydb.nix>
|
services.dragonflydb.memcachePortTo enable memcached compatible API on this port.
null means disabled.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/dragonflydb.nix>
|
services.dragonflydb.portThe TCP port to accept connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6379
Declared by:
<nixpkgs/nixos/modules/services/databases/dragonflydb.nix>
|
services.dragonflydb.requirePassPassword for database
Type: null or string
Default: null
Example: "letmein!"
Declared by:
<nixpkgs/nixos/modules/services/databases/dragonflydb.nix>
|
services.dragonflydb.userThe user to run DragonflyDB as
Type: string
Default: "dragonfly"
Declared by:
<nixpkgs/nixos/modules/services/databases/dragonflydb.nix>
|
services.drbd.enableWhether to enable support for DRBD, the Distributed Replicated Block Device.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/drbd.nix>
|
services.drbd.configContents of the drbd.conf configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/drbd.nix>
|
services.dspam.enableWhether to enable the dspam spam filter.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
|
services.dspam.domainSocketPath to local domain socket which is used for communication with the daemon. Set to null to disable UNIX socket.
Type: null or path
Default: "/run/dspam/dspam.sock"
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
|
services.dspam.extraConfigAdditional dspam configuration.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
|
services.dspam.groupGroup for the dspam daemon.
Type: string
Default: "dspam"
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
|
services.dspam.maintenanceIntervalIf set, maintenance script will be run at specified (in systemd.timer format) interval
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
|
services.dspam.storageDriverStorage driver backend to use for dspam.
Type: string
Default: "hash"
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
|
services.dspam.userUser for the dspam daemon.
Type: string
Default: "dspam"
Declared by:
<nixpkgs/nixos/modules/services/mail/dspam.nix>
|
services.duckling.enableWhether to enable duckling.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/duckling.nix>
|
services.duckling.portPort on which duckling will run.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/misc/duckling.nix>
|
services.duplicati.enableWhether to enable Duplicati.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicati.nix>
|
services.duplicati.dataDirThe directory where Duplicati stores its data files.
If left as the default value this directory will automatically be created before the Duplicati server starts, otherwise you are responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: string
Default: "/var/lib/duplicati"
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicati.nix>
|
services.duplicati.interfaceListening interface for the web UI Set it to "any" to listen on all available interfaces
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicati.nix>
|
services.duplicati.portPort serving the web interface
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8200
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicati.nix>
|
services.duplicati.userDuplicati runs as it's own user. It will only be able to backup world-readable files. Run as root with special care.
Type: string
Default: "duplicati"
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicati.nix>
|
services.duplicity.enableWhether to enable backups with duplicity.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
|
services.duplicity.cleanup.maxAgeIf non-null, delete all backup sets older than the given time. Old backup sets will not be deleted if backup sets newer than time depend on them.
Type: null or string
Default: null
Example: "6M"
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
|
services.duplicity.cleanup.maxFullIf non-null, delete all backups sets that are older than the count:th last full backup (in other words, keep the last count full backups and associated incremental sets).
Type: null or signed integer
Default: null
Example: 2
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
|
services.duplicity.cleanup.maxIncrIf non-null, delete incremental sets of all backups sets that are older than the count:th last full backup (in other words, keep only old full backups and not their increments).
Type: null or signed integer
Default: null
Example: 1
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
|
services.duplicity.excludeList of paths to exclude from backups. See the FILE SELECTION section in duplicity(1) for details on the syntax.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
|
services.duplicity.extraFlagsExtra command-line flags passed to duplicity. See duplicity(1).
Type: list of string
Default: [ ]
Example:
[ "--backend-retry-delay" "100" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
|
services.duplicity.frequencyRun duplicity with the given frequency (see systemd.time(7) for the format). If null, do not run automatically.
Type: null or string
Default: "daily"
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
|
services.duplicity.fullIfOlderThanIf "never" (the default) always do incremental
backups (the first backup will be a full backup, of course). If
"always" always do full backups. Otherwise, this
must be a string representing a duration. Full backups will be made
when the latest full backup is older than this duration. If this is not
the case, an incremental backup is performed.
Type: string
Default: "never"
Example: "1M"
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
|
services.duplicity.includeList of paths to include into the backups. See the FILE SELECTION section in duplicity(1) for details on the syntax.
Type: list of string
Default: [ ]
Example:
[ "/home" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
|
services.duplicity.rootRoot directory to backup.
Type: path
Default: "/"
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
|
services.duplicity.secretFilePath of a file containing secrets (gpg passphrase, access key...) in the format of EnvironmentFile as described by systemd.exec(5). For example:
PASSPHRASE=«...» AWS_ACCESS_KEY_ID=«...» AWS_SECRET_ACCESS_KEY=«...»
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
|
services.duplicity.targetUrlTarget url to backup to. See the URL FORMAT section in duplicity(1) for supported urls.
Type: string
Example: "s3://host:port/prefix"
Declared by:
<nixpkgs/nixos/modules/services/backup/duplicity.nix>
|
services.dwm-status.enableWhether to enable dwm-status user service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/dwm-status.nix>
|
services.dwm-status.packageWhich dwm-status package to use.
Type: package
Default: pkgs.dwm-status
Example: pkgs.dwm-status.override { enableAlsaUtils = false; }
Declared by:
<nixpkgs/nixos/modules/services/misc/dwm-status.nix>
|
services.dwm-status.extraConfigExtra config in TOML format.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/dwm-status.nix>
|
services.dwm-status.orderList of enabled features in order.
Type: list of (one of "audio", "backlight", "battery", "cpu_load", "network", "time")
Declared by:
<nixpkgs/nixos/modules/services/misc/dwm-status.nix>
|
services.earlyoom.enableWhether to enable Early out of memory killing.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
|
services.earlyoom.enableDebugInfoEnable debugging messages.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
|
services.earlyoom.enableNotificationsSend notifications about killed processes via the system d-bus.
WARNING: enabling this option (while convenient) should not be done on a machine where you do not trust the other users as it allows any other local user to DoS your session by spamming notifications.
To actually see the notifications in your GUI session, you need to have
systembus-notify running as your user, which this
option handles by enabling services.systembus-notify.
See README for details.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
|
services.earlyoom.extraArgsExtra command-line arguments to be passed to earlyoom.
Type: list of string
Default: [ ]
Example:
[ "-g" "--prefer '(^|/)(java|chromium)$'" ]
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
|
services.earlyoom.freeMemKillThresholdMinimum available memory (in percent) before sending SIGKILL.
If unset, this defaults to half of freeMemThreshold.
See the description of services.earlyoom.freeMemThreshold.
Type: null or integer between 1 and 100 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
|
services.earlyoom.freeMemThresholdMinimum available memory (in percent).
If the available memory falls below this threshold (and the analog is true for
freeSwapThreshold) the killing begins.
SIGTERM is sent first to the process that uses the most memory; then, if the available
memory falls below freeMemKillThreshold (and the analog is true for
freeSwapKillThreshold), SIGKILL is sent.
See README for details.
Type: integer between 1 and 100 (both inclusive)
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
|
services.earlyoom.freeSwapKillThresholdMinimum free swap space (in percent) before sending SIGKILL.
If unset, this defaults to half of freeSwapThreshold.
See the description of services.earlyoom.freeMemThreshold.
Type: null or integer between 1 and 100 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
|
services.earlyoom.freeSwapThresholdMinimum free swap space (in percent) before sending SIGTERM.
See the description of services.earlyoom.freeMemThreshold.
Type: integer between 1 and 100 (both inclusive)
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
|
services.earlyoom.killHookAn absolute path to an executable to be run for each process killed. Some environment variables are available, see README and the man page for details.
Type: null or path
Default: null
Example:
pkgs.writeShellScript "earlyoom-kill-hook" '' echo "Process $EARLYOOM_NAME ($EARLYOOM_PID) was killed" >> /path/to/log ''
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
|
services.earlyoom.reportIntervalInterval (in seconds) at which a memory report is printed (set to 0 to disable).
Type: signed integer
Default: 3600
Example: 0
Declared by:
<nixpkgs/nixos/modules/services/system/earlyoom.nix>
|
services.ecs-agent.enableWhether to enable Amazon ECS agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/ecs-agent.nix>
|
services.ecs-agent.packageThe ECS agent package to use
Type: path
Default: pkgs.ecs-agent
Declared by:
<nixpkgs/nixos/modules/virtualisation/ecs-agent.nix>
|
services.ecs-agent.extra-environmentThe environment the ECS agent should run with. See the ECS agent documentation for keys that work here.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/ecs-agent.nix>
|
services.ejabberd.enableWhether to enable ejabberd server
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.packageejabberd server package to use
Type: package
Default: pkgs.ejabberd
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.configFileConfiguration file for ejabberd in YAML format
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.ctlConfigConfiguration of ejabberdctl
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.groupGroup under which ejabberd is ran
Type: string
Default: "ejabberd"
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.imagemagickAdd ImageMagick to server's path; allows for image thumbnailing
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.loadDumpsConfiguration dumps that should be loaded on the first startup
Type: list of path
Default: [ ]
Example: [ ./myejabberd.dump ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.logsDirLocation of the logfile directory of ejabberd
Type: path
Default: "/var/log/ejabberd"
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.spoolDirLocation of the spooldir of ejabberd
Type: path
Default: "/var/lib/ejabberd"
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.ejabberd.userUser under which ejabberd is ran
Type: string
Default: "ejabberd"
Declared by:
<nixpkgs/nixos/modules/services/networking/ejabberd.nix>
|
services.elasticsearch.enableWhether to enable elasticsearch.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.packageElasticsearch package to use.
Type: package
Default: pkgs.elasticsearch
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.cluster_nameElasticsearch name that identifies your cluster for auto-discovery.
Type: string
Default: "elasticsearch"
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.dataDirData directory for elasticsearch.
Type: path
Default: "/var/lib/elasticsearch"
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.extraCmdLineOptionsExtra command line options for the elasticsearch launcher.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.extraConfExtra configuration for elasticsearch.
Type: string
Default: ""
Example:
'' node.name: "elasticsearch" node.master: true node.data: false ''
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.extraJavaOptionsExtra command line options for Java.
Type: list of string
Default: [ ]
Example:
[ "-Djava.net.preferIPv4Stack=true" ]
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.listenAddressElasticsearch listen address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.loggingElasticsearch logging configuration.
Type: string
Default:
''
logger.action.name = org.elasticsearch.action
logger.action.level = info
appender.console.type = Console
appender.console.name = console
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n
rootLogger.level = info
rootLogger.appenderRef.console.ref = console
''Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.pluginsExtra elasticsearch plugins
Type: list of package
Default: [ ]
Example: [ pkgs.elasticsearchPlugins.discovery-ec2 ]
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.portElasticsearch port to listen for HTTP traffic.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9200
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.restartIfChangedAutomatically restart the service on config change. This can be set to false to defer restarts on a server or cluster. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.single_nodeStart a single-node cluster
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch.tcp_portElasticsearch port for the node to node communication.
Type: signed integer
Default: 9300
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch.nix>
|
services.elasticsearch-curator.enableWhether to enable elasticsearch curator.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix>
|
services.elasticsearch-curator.actionYAMLcurator action.yaml file contents, alternatively use curator-cli which takes a simple action command
Type: strings concatenated with "\n"
Example:
''
---
actions:
1:
action: delete_indices
description: >-
Delete indices older than 45 days (based on index name), for logstash-
prefixed indices. Ignore the error if the filter does not result in an
actionable list of indices (ignore_empty_list) and exit cleanly.
options:
ignore_empty_list: True
disable_action: False
filters:
- filtertype: pattern
kind: prefix
value: logstash-
- filtertype: age
source: name
direction: older
timestring: '%Y.%m.%d'
unit: days
unit_count: 45
''Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix>
|
services.elasticsearch-curator.hostsa list of elasticsearch hosts to connect to
Type: list of string
Default:
[ "localhost" ]
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix>
|
services.elasticsearch-curator.intervalThe frequency to run curator, a systemd.time such as 'hourly'
Type: string
Default: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix>
|
services.elasticsearch-curator.portthe port that elasticsearch is listening on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9200
Declared by:
<nixpkgs/nixos/modules/services/search/elasticsearch-curator.nix>
|
services.emacs.enableWhether to enable a user service for the Emacs daemon. Use emacsclient to connect to the
daemon. If true, services.emacs.install is
considered true, whatever its value.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/editors/emacs.nix>
|
services.emacs.packageemacs derivation to use.
Type: package
Default: pkgs.emacs
Declared by:
<nixpkgs/nixos/modules/services/editors/emacs.nix>
|
services.emacs.defaultEditorWhen enabled, configures emacsclient to be the default editor using the EDITOR environment variable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/editors/emacs.nix>
|
services.emacs.installWhether to install a user service for the Emacs daemon. Once the service is started, use emacsclient to connect to the daemon.
The service must be manually started for each user with
"systemctl --user start emacs" or globally through
services.emacs.enable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/editors/emacs.nix>
|
services.endlessh.enableWhether to enable endlessh service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/endlessh.nix>
|
services.endlessh.extraOptionsAdditional command line options to pass to the endlessh daemon.
Type: list of string
Default: [ ]
Example:
[ "-6" "-d 9000" "-v" ]
Declared by:
<nixpkgs/nixos/modules/services/security/endlessh.nix>
|
services.endlessh.openFirewallWhether to open a firewall port for the SSH listener.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/endlessh.nix>
|
services.endlessh.portSpecifies on which port the endlessh daemon listens for SSH connections.
Setting this to 22 may conflict with services.openssh.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2222
Example: 22
Declared by:
<nixpkgs/nixos/modules/services/security/endlessh.nix>
|
services.endlessh-go.enableWhether to enable endlessh-go service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/endlessh-go.nix>
|
services.endlessh-go.extraOptionsAdditional command line options to pass to the endlessh-go daemon.
Type: list of string
Default: [ ]
Example:
[ "-conn_type=tcp4" "-max_clients=8192" ]
Declared by:
<nixpkgs/nixos/modules/services/security/endlessh-go.nix>
|
services.endlessh-go.listenAddressInterface address to bind the endlessh-go daemon to SSH connections.
Type: string
Default: "0.0.0.0"
Example: "[::]"
Declared by:
<nixpkgs/nixos/modules/services/security/endlessh-go.nix>
|
services.endlessh-go.openFirewallWhether to open a firewall port for the SSH listener.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/endlessh-go.nix>
|
services.endlessh-go.portSpecifies on which port the endlessh-go daemon listens for SSH connections.
Setting this to 22 may conflict with services.openssh.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2222
Example: 22
Declared by:
<nixpkgs/nixos/modules/services/security/endlessh-go.nix>
|
services.endlessh-go.prometheus.enableWhether to enable Prometheus integration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/endlessh-go.nix>
|
services.endlessh-go.prometheus.listenAddressInterface address to bind the endlessh-go daemon to answer Prometheus queries.
Type: string
Default: "0.0.0.0"
Example: "[::]"
Declared by:
<nixpkgs/nixos/modules/services/security/endlessh-go.nix>
|
services.endlessh-go.prometheus.portSpecifies on which port the endlessh-go daemon listens for Prometheus queries.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2112
Example: 9119
Declared by:
<nixpkgs/nixos/modules/services/security/endlessh-go.nix>
|
services.engelsystem.enableWhether to enable engelsystem, an online tool for coordinating volunteers and shifts on large events.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/engelsystem.nix>
|
services.engelsystem.packageEngelsystem package used for the service.
Type: package
Default: pkgs.engelsystem
Declared by:
<nixpkgs/nixos/modules/services/web-apps/engelsystem.nix>
|
services.engelsystem.configOptions to be added to config.php, as a nix attribute set. Options containing secret data should be set to an attribute set containing the attribute _secret - a string pointing to a file containing the value the option should be set to. See the example to get a better picture of this: in the resulting config.php file, the email.password key will be set to the contents of the /var/keys/engelsystem/mail file.
See https://engelsystem.de/doc/admin/configuration/ for available options.
Note that the admin user login credentials cannot be set here - they always default to admin:asdfasdf. Log in and change them immediately.
Type: attribute set
Default:
{
database = {
database = "engelsystem";
host = "localhost";
username = "engelsystem";
};
}Example:
{
autoarrive = true;
database = {
database = "engelsystem";
host = "database.example.com";
password = {
_secret = "/var/keys/engelsystem/database";
};
username = "engelsystem";
};
default_locale = "de_DE";
email = {
driver = "smtp";
encryption = "tls";
from = {
address = "engelsystem@example.com";
name = "example engelsystem";
};
host = "smtp.example.com";
password = {
_secret = "/var/keys/engelsystem/mail";
};
port = 587;
username = "engelsystem@example.com";
};
maintenance = false;
min_password_length = 6;
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/engelsystem.nix>
|
services.engelsystem.createDatabaseWhether to create a local database automatically.
This will override every database setting in services.engelsystem.config.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/engelsystem.nix>
|
services.engelsystem.domainDomain to serve on.
Type: string
Example: "engelsystem.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/engelsystem.nix>
|
services.envoy.enableWhether to enable Envoy reverse proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/envoy.nix>
|
services.envoy.settingsSpecify the configuration for Envoy in Nix.
Type: JSON value
Default: { }
Example:
{
admin = {
access_log_path = "/dev/null";
address = {
socket_address = {
protocol = "TCP";
address = "127.0.0.1";
port_value = 9901;
};
};
};
static_resources = {
listeners = [];
clusters = [];
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/envoy.nix>
|
services.epgstation.enableWhether to enable EPGStation: DVR system for Mirakurun-managed TV tuners.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
|
services.epgstation.packageepgstation package to use
Type: package
Default: pkgs.epgstation
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
|
services.epgstation.database.nameName of the MySQL database that holds EPGStation's data.
Type: string
Default: "epgstation"
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
|
services.epgstation.database.passwordFileA file containing the password for the database named
database.name.
Type: path
Example: "/run/keys/epgstation-db-password"
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
|
services.epgstation.openFirewallOpen ports in the firewall for the EPGStation web interface.
Exposing EPGStation to the open internet is generally advised against. Only use it inside a trusted local network, or consider putting it behind a VPN if you want remote access.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
|
services.epgstation.settingsOptions to add to config.yml.
Documentation: https://github.com/l3tnun/EPGStation/blob/master/doc/conf-manual.md
Type: YAML value
Default: { }
Example:
{
conflictPriority = 10;
recPriority = 20;
}Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
|
services.epgstation.settings.clientSocketioPortSocket.io port that the web client is going to connect to. This may
be different from services.epgstation.settings.socketioPort if
EPGStation is hidden behind a reverse proxy.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: config.services.epgstation.settings.socketioPort
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
|
services.epgstation.settings.concurrentEncodeNumThe maximum number of encoding jobs that EPGStation would run at the same time.
Type: positive integer, meaning >0
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
|
services.epgstation.settings.encodeEncoding presets for recorded videos.
Type: list of (attribute set)
Default:
[
{
name = "H.264";
cmd = "%NODE% config.services.epgstation.package/libexec/enc.js";
suffix = ".mp4";
}
]
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
|
services.epgstation.settings.encodeProcessNumThe maximum number of processes that EPGStation would allow to run at the same time for encoding or streaming videos.
Type: positive integer, meaning >0
Default: 4
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
|
services.epgstation.settings.mirakurunPathURL to connect to Mirakurun.
Type: string
Default:
"http+unix://${lib.replaceStrings ["/"] ["%2F"] config.services.mirakurun.unixSocket}"
Example: "http://localhost:40772"
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
|
services.epgstation.settings.portHTTP port for EPGStation to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 20772
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
|
services.epgstation.settings.socketioPortSocket.io port for EPGStation to listen on. It is valid to share
ports with services.epgstation.settings.port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: config.services.epgstation.settings.port + 1
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
|
services.epgstation.usePreconfiguredStreamingUse preconfigured default streaming options.
Upstream defaults: https://github.com/l3tnun/EPGStation/blob/master/config/config.yml.template
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/video/epgstation/default.nix>
|
services.epmd.enableWhether to enable socket activation for Erlang Port Mapper Daemon (epmd), which acts as a name server on all hosts involved in distributed Erlang computations.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/epmd.nix>
|
services.epmd.packageThe Erlang package to use to get epmd binary. That way you can re-use an Erlang runtime that is already installed for other purposes.
Type: package
Default: pkgs.erlang
Declared by:
<nixpkgs/nixos/modules/services/networking/epmd.nix>
|
services.epmd.listenStreamthe listenStream used by the systemd socket. see https://www.freedesktop.org/software/systemd/man/systemd.socket.html#ListenStream= for more information. use this to change the port epmd will run on. if not defined, epmd will use "[::]:4369"
Type: string
Default: "[::]:4369"
Declared by:
<nixpkgs/nixos/modules/services/networking/epmd.nix>
|
services.ergo.enableWhether to enable Ergo service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
|
services.ergo.api.keyHashHex-encoded Blake2b256 hash of an API key as a 64-chars long Base16 string.
Type: null or string
Default: null
Example: "324dcf027dd4a30a932c441f365a25e86b173defa4b8e58948253471b81b72cf"
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
|
services.ergo.api.listen.ipIP address that the Ergo node API should listen on if api.keyHash is defined.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
|
services.ergo.api.listen.portListen port for the API endpoint if api.keyHash is defined.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9052
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
|
services.ergo.dataDirThe data directory for the Ergo node.
Type: path
Default: "/var/lib/ergo"
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
|
services.ergo.groupThe group as which to run the Ergo node.
Type: string
Default: config.services.ergo.user
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
|
services.ergo.listen.ipIP address on which the Ergo node should listen.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
|
services.ergo.listen.portListen port for the Ergo node.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9006
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
|
services.ergo.openFirewallOpen ports in the firewall for the Ergo node as well as the API.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
|
services.ergo.testnetConnect to testnet network instead of the default mainnet.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
|
services.ergo.userThe user as which to run the Ergo node.
Type: string
Default: "ergo"
Declared by:
<nixpkgs/nixos/modules/services/networking/ergo.nix>
|
services.ergochat.enableWhether to enable Ergo IRC daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ergochat.nix>
|
services.ergochat.configFilePath to configuration file.
Setting this will skip any configuration done via settings
Type: path
Default: generated config file from settings
Declared by:
<nixpkgs/nixos/modules/services/networking/ergochat.nix>
|
services.ergochat.openFilesLimitMaximum number of open files. Limits the clients and server connections.
Type: signed integer
Default: 1024
Declared by:
<nixpkgs/nixos/modules/services/networking/ergochat.nix>
|
services.ergochat.settingsErgo IRC daemon configuration file. https://raw.githubusercontent.com/ergochat/ergo/master/default.yaml
Type: YAML value
Default:
{
accounts = {
authentication-enabled = true;
multiclient = {
allowed-by-default = true;
always-on = "opt-out";
auto-away = "opt-out";
enabled = true;
};
registration = {
allow-before-connect = true;
bcrypt-cost = 4;
email-verification = {
enabled = false;
};
enabled = true;
throttling = {
duration = "10m";
enabled = true;
max-attempts = 30;
};
};
};
channels = {
default-modes = "+ntC";
registration = {
enabled = true;
};
};
datastore = {
autoupgrade = true;
path = "/var/lib/ergo/ircd.db";
};
history = {
autoreplay-on-join = 0;
autoresize-window = "3d";
channel-length = 2048;
chathistory-maxmessages = 100;
client-length = 256;
enabled = true;
restrictions = {
expire-time = "1w";
grace-period = "1h";
query-cutoff = "none";
};
retention = {
allow-individual-delete = false;
enable-account-indexing = false;
};
tagmsg-storage = {
default = false;
whitelist = [
"+draft/react"
"+react"
];
};
znc-maxmessages = 2048;
};
limits = {
awaylen = 390;
channellen = 64;
identlen = 20;
kicklen = 390;
nicklen = 32;
topiclen = 390;
};
network = {
name = "testnetwork";
};
server = {
casemapping = "permissive";
check-ident = false;
enforce-utf = true;
forward-confirm-hostnames = false;
ip-cloaking = {
enabled = false;
};
ip-limits = {
count = false;
throttle = false;
};
listeners = {
":6667" = { };
};
lookup-hostnames = false;
max-sendq = "1M";
name = "example.com";
relaymsg = {
enabled = false;
};
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/ergochat.nix>
|
services.erigon.enableWhether to enable Ethereum implementation on the efficiency frontier.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/erigon.nix>
|
services.erigon.extraArgsAdditional arguments passed to Erigon
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/erigon.nix>
|
services.erigon.secretJwtPathPath to the secret jwt used for the http api authentication.
Type: path
Default: ""
Example: "config.age.secrets.ERIGON_JWT.path"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/erigon.nix>
|
services.erigon.settingsConfiguration for Erigon Refer to https://github.com/ledgerwatch/erigon#usage for details on supported values.
Type: TOML value
Example:
{
"authrpc.port" = 8551;
chain = "mainnet";
datadir = "/var/lib/erigon";
http = true;
"http.api" = [
"eth"
"debug"
"net"
"trace"
"web3"
"erigon"
];
"http.port" = 8545;
"log.console.verbosity" = 3;
port = 30303;
"private.api.addr" = "localhost:9090";
"torrent.port" = 42069;
ws = true;
}Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/erigon.nix>
|
services.errbot.instancesErrbot instance configs
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
|
services.errbot.instances.<name>.adminsList of identifiers of errbot admins.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
|
services.errbot.instances.<name>.backendErrbot backend name.
Type: string
Default: "XMPP"
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
|
services.errbot.instances.<name>.dataDirData directory for errbot instance.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
|
services.errbot.instances.<name>.extraConfigString to be appended to the config verbatim
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
|
services.errbot.instances.<name>.identityErrbot identity configuration
Type: attribute set
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
|
services.errbot.instances.<name>.logLevelErrbot log level
Type: string
Default: "INFO"
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
|
services.errbot.instances.<name>.pluginsList of errbot plugin derivations.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/errbot.nix>
|
services.espanso.enableWhether to enable Espanso.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/espanso.nix>
|
services.etcd.enableWhether to enable etcd.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.advertiseClientUrlsEtcd list of this member's client URLs to advertise to the rest of the cluster.
Type: list of string
Default: config.services.etcd.listenClientUrls
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.certFileCert file to use for clients
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.clientCertAuthWhether to use certs for client authentication
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.dataDirEtcd data directory.
Type: path
Default: "/var/lib/etcd"
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.discoveryEtcd discovery url
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.extraConfEtcd extra configuration. See https://github.com/coreos/etcd/blob/master/Documentation/op-guide/configuration.md#configuration-flags
Type: attribute set of string
Default: { }
Example:
{
"CORS" = "*";
"NAME" = "default-name";
"MAX_RESULT_BUFFER" = "1024";
"MAX_CLUSTER_SIZE" = "9";
"MAX_RETRY_ATTEMPTS" = "3";
}
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.initialAdvertisePeerUrlsEtcd list of this member's peer URLs to advertise to rest of the cluster.
Type: list of string
Default: config.services.etcd.listenPeerUrls
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.initialClusterEtcd initial cluster configuration for bootstrapping.
Type: list of string
Default: ["${config.services.etcd.name}=http://127.0.0.1:2380"]
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.initialClusterStateEtcd initial cluster configuration for bootstrapping.
Type: one of "new", "existing"
Default: "new"
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.initialClusterTokenEtcd initial cluster token for etcd cluster during bootstrap.
Type: string
Default: "etcd-cluster"
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.keyFileKey file to use for clients
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.listenClientUrlsEtcd list of URLs to listen on for client traffic.
Type: list of string
Default:
[ "http://127.0.0.1:2379" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.listenPeerUrlsEtcd list of URLs to listen on for peer traffic.
Type: list of string
Default:
[ "http://127.0.0.1:2380" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.nameEtcd unique node name.
Type: string
Default: config.networking.hostName
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.peerCertFileCert file to use for peer to peer communication
Type: null or path
Default: config.services.etcd.certFile
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.peerClientCertAuthWhether to check all incoming peer requests from the cluster for valid client certificates signed by the supplied CA
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.peerKeyFileKey file to use for peer to peer communication
Type: null or path
Default: config.services.etcd.keyFile
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.peerTrustedCaFileCertificate authority file to use for peer to peer communication
Type: null or path
Default: config.services.etcd.trustedCaFile
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etcd.trustedCaFileCertificate authority file to use for clients
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/etcd.nix>
|
services.etebase-server.enableWhether to enable the Etebase server.
Once enabled you need to create an admin user by invoking the
shell command etebase-server createsuperuser with
the user specified by the user option or a superuser.
Then you can login and create accounts on your-etebase-server.com/admin
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
|
services.etebase-server.dataDirDirectory to store the Etebase server data.
Type: string
Default: "/var/lib/etebase-server"
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
|
services.etebase-server.openFirewallWhether to open ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
|
services.etebase-server.portPort to listen on.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8001
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
|
services.etebase-server.settingsConfiguration for etebase-server. Refer to
https://github.com/etesync/server/blob/master/etebase-server.ini.example
and https://github.com/etesync/server/wiki
for details on supported values.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Example:
{
allowed_hosts = {
allowed_host2 = "localhost";
};
global = {
debug = true;
media_root = "/path/to/media";
};
}Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
|
services.etebase-server.settings.allowed_hosts.allowed_host1The main host that is allowed access.
Type: string
Default: "0.0.0.0"
Example: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
|
services.etebase-server.settings.database.engineThe database engine to use.
Type: one of "django.db.backends.sqlite3", "django.db.backends.postgresql"
Default: "django.db.backends.sqlite3"
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
|
services.etebase-server.settings.database.nameThe database name.
Type: string
Default: "${config.services.etebase-server.dataDir}/db.sqlite3"
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
|
services.etebase-server.settings.global.debugWhether to set django's DEBUG flag.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
|
services.etebase-server.settings.global.media_rootThe media directory.
Type: string
Default: "${config.services.etebase-server.dataDir}/media"
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
|
services.etebase-server.settings.global.secret_fileThe path to a file containing the secret used as django's SECRET_KEY.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
|
services.etebase-server.settings.global.static_rootThe directory for static files.
Type: string
Default: "${config.services.etebase-server.dataDir}/static"
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
|
services.etebase-server.unixSocketThe path to the socket to bind to.
Type: null or string
Default: null
Example: "/run/etebase-server/etebase-server.sock"
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
|
services.etebase-server.userUser under which Etebase server runs.
Type: string
Default: "etebase-server"
Declared by:
<nixpkgs/nixos/modules/services/misc/etebase-server.nix>
|
services.eternal-terminal.enableWhether to enable Eternal Terminal server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/eternal-terminal.nix>
|
services.eternal-terminal.logSizeThe maximum log size.
Type: signed integer
Default: 20971520
Declared by:
<nixpkgs/nixos/modules/services/networking/eternal-terminal.nix>
|
services.eternal-terminal.portThe port the server should listen on. Will use the server's default (2022) if not specified.
Make sure to open this port in the firewall if necessary.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2022
Declared by:
<nixpkgs/nixos/modules/services/networking/eternal-terminal.nix>
|
services.eternal-terminal.silentIf enabled, disables all logging.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/eternal-terminal.nix>
|
services.eternal-terminal.verbosityThe verbosity level (0-9).
Type: one of 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/eternal-terminal.nix>
|
services.etesync-dav.enableWhether to enable etesync-dav.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/etesync-dav.nix>
|
services.etesync-dav.apiUrlThe url to the etesync API.
Type: string
Default: "https://api.etesync.com/"
Declared by:
<nixpkgs/nixos/modules/services/misc/etesync-dav.nix>
|
services.etesync-dav.hostThe server host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/etesync-dav.nix>
|
services.etesync-dav.openFirewallWhether to open the firewall for the specified port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/etesync-dav.nix>
|
services.etesync-dav.portThe server host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 37358
Declared by:
<nixpkgs/nixos/modules/services/misc/etesync-dav.nix>
|
services.etesync-dav.sslCertificatePath to server SSL certificate. It will be copied into etesync-dav's data directory.
Type: null or path
Default: null
Example: "/var/etesync.crt"
Declared by:
<nixpkgs/nixos/modules/services/misc/etesync-dav.nix>
|
services.etesync-dav.sslCertificateKeyPath to server SSL certificate key. It will be copied into etesync-dav's data directory.
Type: null or path
Default: null
Example: "/var/etesync.key"
Declared by:
<nixpkgs/nixos/modules/services/misc/etesync-dav.nix>
|
services.ethercalc.enableethercalc, an online collaborative spreadsheet server.
Persistent state will be maintained under
/var/lib/ethercalc. Upstream supports using a
redis server for storage and recommends the redis backend for
intensive use; however, the Nix module doesn't currently support
redis.
Note that while ethercalc is a good and robust project with an active issue tracker, there haven't been new commits since the end of 2020.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ethercalc.nix>
|
services.ethercalc.packageEthercalc package to use.
Type: package
Default: pkgs.ethercalc
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ethercalc.nix>
|
services.ethercalc.hostAddress to listen on (use 0.0.0.0 to allow access from any address).
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ethercalc.nix>
|
services.ethercalc.portPort to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ethercalc.nix>
|
services.evcc.enableWhether to enable EVCC, the extensible EV Charge Controller with PV integration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/home-automation/evcc.nix>
|
services.evcc.extraArgsExtra arguments to pass to the evcc executable.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/home-automation/evcc.nix>
|
services.evcc.settingsevcc configuration as a Nix attribute set.
Check for possible options in the sample [evcc.dist.yaml](https://github.com/andig/evcc/blob/0.109.2/evcc.dist.yaml].
Type: YAML value
Declared by:
<nixpkgs/nixos/modules/services/home-automation/evcc.nix>
|
services.exhibitor.enableWhether to enable exhibitor server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.autoManageInstancesAutomatically manage ZooKeeper instances in the ensemble
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.baseDirBaseline directory for exhibitor runtime config.
Type: string
Default: "/var/exhibitor"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.configCheckMsPeriod (ms) to check for shared config updates.
Type: signed integer
Default: 30000
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.configTypeWhich configuration type you want to use. Additional config will be required depending on which type you are using.
Type: one of "file", "s3", "zookeeper", "none"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.extraConfExtra Exhibitor configuration to put in the ZooKeeper config file.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.fileSystemBackupEnables file system backup of ZooKeeper log files
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.fsConfigDirDirectory to store Exhibitor properties (cannot be used with s3config). Exhibitor uses file system locks so you can specify a shared location so as to enable complete ensemble management.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.fsConfigLockPrefixA prefix for a locking mechanism used in conjunction with fsconfigdir
Type: string
Default: "exhibitor-lock-"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.fsConfigNameThe name of the file to store config in
Type: string
Default: "exhibitor.properties"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.headingTextExtra text to display in UI header
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.hostnameHostname to use and advertise
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.jqueryStyleStyling used for the JQuery-based UI.
Type: one of "red", "black", "custom"
Default: "red"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.logLinesMax lines of logging to keep in memory for display.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.nodeModificationWhether the Explorer UI will allow nodes to be modified (use with caution).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.portThe port for exhibitor to listen on and communicate with other exhibitors.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.s3BackupWhether to enable backups to S3
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.s3Config.bucketNameBucket name to store config
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.s3Config.configPrefixWhen using AWS S3 shared config files, the prefix to use for values such as locks
Type: string
Default: "exhibitor-"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.s3Config.objectKeyS3 key name to store the config
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.s3CredentialsOptional credentials to use for s3backup or s3config. Argument is the path to an AWS credential properties file with two properties: com.netflix.exhibitor.s3.access-key-id and com.netflix.exhibitor.s3.access-secret-key
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.s3RegionOptional region for S3 calls
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.servoZooKeeper will be queried once a minute for its state via the 'mntr' four letter word (this requires ZooKeeper 3.4.x+). Servo will be used to publish this data via JMX.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.timeoutConnection timeout (ms) for ZK connections.
Type: signed integer
Default: 30000
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkCleanupPeriodHow often (in milliseconds) to run the Zookeeper log cleanup task.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkClientPortZookeeper client port
Type: signed integer
Default: 2181
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkConfigConnectThe initial connection string for ZooKeeper shared config storage
Type: list of string
Example:
[ "host1:2181" "host2:2181" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkConfigExhibitorPathIf the ZooKeeper shared config is also running Exhibitor, the URI path for the REST call
Type: string
Default: "/"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkConfigExhibitorPortIf the ZooKeeper shared config is also running Exhibitor, the port that Exhibitor is listening on. IMPORTANT: if this value is not set it implies that Exhibitor is not being used on the ZooKeeper shared config.
Type: null or signed integer
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkConfigPollMsThe period in ms to check for changes in the config ensemble
Type: signed integer
Default: 10000
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkConfigRetry.retryQuantityRetries connecting to the ZooKeeper config
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkConfigRetry.sleepMsRetry sleep time connecting to the ZooKeeper config
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkConfigZPathThe base ZPath that Exhibitor should use
Type: string
Example: "/exhibitor/config"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkConnectPortThe port to use for followers to talk to each other.
Type: signed integer
Default: 2888
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkDataDirThe Zookeeper data directory
Type: string
Default: "${config.services.exhibitor.baseDir}/zkData"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkElectionPortThe port for Zookeepers to use for leader election.
Type: signed integer
Default: 3888
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkExtraCfgExtra options to pass into Zookeeper
Type: string
Default: "initLimit=5&syncLimit=2&tickTime=2000"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkLogDirThe Zookeeper logs directory
Type: path
Default: "${config.services.exhibitor.baseDir}/zkLogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exhibitor.zkServersSpecZookeeper server spec for all servers in the ensemble.
Type: list of string
Default: [ ]
Example:
[ "S:1:zk1.example.com" "S:2:zk2.example.com" "S:3:zk3.example.com" "O:4:zk-observer.example.com" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/exhibitor.nix>
|
services.exim.enableWhether to enable the Exim mail transfer agent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
|
services.exim.packageThe Exim derivation to use. This can be used to enable features such as LDAP or PAM support.
Type: package
Default: pkgs.exim
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
|
services.exim.configVerbatim Exim configuration. This should not contain exim_user, exim_group, exim_path, or spool_directory.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
|
services.exim.groupGroup to use when no root privileges are required.
Type: string
Default: "exim"
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
|
services.exim.queueRunnerIntervalHow often to spawn a new queue runner.
Type: string
Default: "5m"
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
|
services.exim.spoolDirLocation of the spool directory of exim.
Type: path
Default: "/var/spool/exim"
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
|
services.exim.userUser to use when no root privileges are required. In particular, this applies when receiving messages and when doing remote deliveries. (Local deliveries run as various non-root users, typically as the owner of a local mailbox.) Specifying this value as root is not supported.
Type: string
Default: "exim"
Declared by:
<nixpkgs/nixos/modules/services/mail/exim.nix>
|
services.expressvpn.enableEnable the ExpressVPN daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/expressvpn.nix>
|
services.factorio.enableWhether to enable Factorio.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.packageFactorio version to use. This defaults to the stable channel.
Type: package
Default: pkgs.factorio-headless
Example: pkgs.factorio-headless-experimental
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.adminsList of player names which will be admin.
Type: list of string
Default: [ ]
Example:
[ "username" ]
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.autosave-intervalAutosave interval in minutes.
Type: null or signed integer
Default: null
Example: 10
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.bindThe address to which the service should bind.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.configFileThe server's configuration file.
The default file generated by this module contains lines essential to the server's operation. Use its contents as a basis for any customizations.
Type: path
Default: configFile
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.descriptionDescription of the game that will appear in the listing.
Type: null or string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.extraSettingsExtra game configuration that will go into server-settings.json
Type: attribute set
Default: { }
Example:
{
admins = [
"username"
];
}Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.game-nameName of the game as it will appear in the game listing.
Type: null or string
Default: "Factorio Game"
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.game-passwordGame password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.lanGame will be broadcast on LAN.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.loadLatestSaveLoad the latest savegame on startup. This overrides saveName, in that the latest save will always be used even if a saved game of the given name exists. It still controls the 'canonical' name of the savegame.
Set this to true to have the server automatically reload a recent autosave after a crash or desync.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.modsMods the server should install and activate.
The derivations in this list must "build" the mod by simply copying the .zip, named correctly, into the output directory. Eventually, there will be a way to pull in the most up-to-date list of derivations via nixos-channel. Until then, this is for experts only.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.mods-datMods settings can be changed by specifying a dat file, in the mod settings file format.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.nonBlockingSavingHighly experimental feature, enable only at your own risk of losing your saves. On UNIX systems, server will fork itself to create an autosave. Autosaving on connected Windows clients will be disabled regardless of autosave_only_on_server option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.openFirewallWhether to automatically open the specified UDP port in the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.passwordYour factorio.com login credentials. Required for games with visibility public.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.portThe port to which the service should bind.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 34197
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.publicGame will be published on the official Factorio matching server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.requireUserVerificationWhen set to true, the server will only allow clients that have a valid factorio.com account.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.saveNameThe name of the savegame that will be used by the server.
When not present in /var/lib/${config.services.factorio.stateDirName}/saves, a new map with default settings will be generated before starting the service.
Type: string
Default: "default"
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.stateDirNameName of the directory under /var/lib holding the server's data.
The configuration and map will be stored here.
Type: string
Default: "factorio"
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.tokenAuthentication token. May be used instead of 'password' above.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.factorio.usernameYour factorio.com login credentials. Required for games with visibility public.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/factorio.nix>
|
services.fail2ban.enableWhether to enable the fail2ban service.
See the documentation of services.fail2ban.jails
for what jails are enabled by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.packageThe fail2ban package to use for running the fail2ban service.
Type: package
Default: pkgs.fail2ban
Example: pkgs.fail2ban_0_11
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.packageFirewallThe firewall package used by fail2ban service.
Type: package
Default: pkgs.iptables
Example: pkgs.nftables
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.banactionDefault banning action (e.g. iptables, iptables-new, iptables-multiport, iptables-ipset-proto6-allports, shorewall, etc) It is used to define action_* variables. Can be overridden globally or per section within jail.local file
Type: string
Default: "iptables-multiport"
Example: "nftables-multiport"
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.banaction-allportsDefault banning action (e.g. iptables, iptables-new, iptables-multiport, shorewall, etc) It is used to define action_* variables. Can be overridden globally or per section within jail.local file
Type: string
Default: "iptables-allport"
Example: "nftables-allport"
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.bantime-increment.enableAllows to use database for searching of previously banned ip's to increase a default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32...
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.bantime-increment.factor"bantime-increment.factor" is a coefficient to calculate exponent growing of the formula or common multiplier, default value of factor is 1 and with default value of formula, the ban time grows by 1, 2, 4, 8, 16 ...
Type: string
Default: "1"
Example: "4"
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.bantime-increment.formula"bantime-increment.formula" used by default to calculate next value of ban time, default value bellow, the same ban time growing will be reached by multipliers 1, 2, 4, 8, 16, 32...
Type: string
Default: "ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor"
Example: "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.bantime-increment.maxtime"bantime-increment.maxtime" is the max number of seconds using the ban time can reach (don't grows further)
Type: string
Default: "10h"
Example: "48h"
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.bantime-increment.multipliers"bantime-increment.multipliers" used to calculate next value of ban time instead of formula, corresponding previously ban count and given "bantime.factor" (for multipliers default is 1); following example grows ban time by 1, 2, 4, 8, 16 ... and if last ban count greater as multipliers count, always used last multiplier (64 in example), for factor '1' and original ban time 600 - 10.6 hours
Type: string
Default: "1 2 4 8 16 32 64"
Example: "2 4 16 128"
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.bantime-increment.overalljails"bantime-increment.overalljails" (if true) specifies the search of IP in the database will be executed cross over all jails, if false (default), only current jail of the ban IP will be searched
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.bantime-increment.rndtime"bantime-increment.rndtime" is the max number of seconds using for mixing with random time to prevent "clever" botnets calculate exact time IP can be unbanned again
Type: string
Default: "4m"
Example: "8m"
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.daemonConfigThe contents of Fail2ban's main configuration file. It's generally not necessary to change it.
Type: strings concatenated with "\n"
Default:
'' [Definition] logtarget = SYSLOG socket = /run/fail2ban/fail2ban.sock pidfile = /run/fail2ban/fail2ban.pid dbfile = /var/lib/fail2ban/fail2ban.sqlite3 ''
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.extraPackagesExtra packages to be made available to the fail2ban service. The example contains
the packages needed by the iptables-ipset-proto6 action.
Type: list of package
Default: [ ]
Example: [ pkgs.ipset ]
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.ignoreIP"ignoreIP" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban will not ban a host which matches an address in this list. Several addresses can be defined using space (and/or comma) separator.
Type: list of string
Default: [ ]
Example:
[ "192.168.0.0/16" "2001:DB8::42" ]
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.jailsThe configuration of each Fail2ban “jail”. A jail
consists of an action (such as blocking a port using
iptables) that is triggered when a
filter applied to a log file triggers more than a certain
number of times in a certain time period. Actions are
defined in /etc/fail2ban/action.d,
while filters are defined in
/etc/fail2ban/filter.d.
NixOS comes with a default sshd jail;
for it to work well,
services.openssh.logLevel should be set to
"VERBOSE" or higher so that fail2ban
can observe failed login attempts.
This module sets it to "VERBOSE" if
not set otherwise, so enabling fail2ban can make SSH logs
more verbose.
Type: attribute set of strings concatenated with "\n"
Default: { }
Example:
{ apache-nohome-iptables = ''
# Block an IP address if it accesses a non-existent
# home directory more than 5 times in 10 minutes,
# since that indicates that it's scanning.
filter = apache-nohome
action = iptables-multiport[name=HTTP, port="http,https"]
logpath = /var/log/httpd/error_log*
backend = auto
findtime = 600
bantime = 600
maxretry = 5
'';
dovecot = ''
# block IPs which failed to log-in
# aggressive mode add blocking for aborted connections
enabled = true
filter = dovecot[mode=aggressive]
maxretry = 3
'';
}
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fail2ban.maxretryNumber of failures before a host gets banned.
Type: unsigned integer, meaning >=0
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/security/fail2ban.nix>
|
services.fakeroute.enableWhether to enable the fakeroute service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/fakeroute.nix>
|
services.fakeroute.routeFake route that will appear after the real one to any host running a traceroute.
Type: list of string
Default: [ ]
Example:
[ "216.102.187.130" "4.0.1.122" "198.116.142.34" "63.199.8.242" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/fakeroute.nix>
|
services.fcgiwrap.enableWhether to enable fcgiwrap, a server for running CGI applications over FastCGI.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
|
services.fcgiwrap.groupGroup permissions for the socket.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
|
services.fcgiwrap.preforkProcessesNumber of processes to prefork.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
|
services.fcgiwrap.socketAddressSocket address. In case of a UNIX socket, this should be its filesystem path.
Type: string
Default: "/run/fcgiwrap.sock"
Example: "1.2.3.4:5678"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
|
services.fcgiwrap.socketTypeSocket type: 'unix', 'tcp' or 'tcp6'.
Type: one of "unix", "tcp", "tcp6"
Default: "unix"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
|
services.fcgiwrap.userUser permissions for the socket.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/fcgiwrap.nix>
|
services.fcron.enableWhether to enable the fcron daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.fcron.allowUsers allowed to use fcrontab and fcrondyn (one name per
line, all for everyone).
Type: list of string
Default:
[ "all" ]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.fcron.denyUsers forbidden from using fcron.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.fcron.maxSerialJobsMaximum number of serial jobs which can run simultaneously.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.fcron.queuelenNumber of jobs the serial queue and the lavg queue can contain.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.fcron.systabThe "system" crontab contents.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/scheduling/fcron.nix>
|
services.felix.enableWhether to enable the Apache Felix OSGi service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/felix.nix>
|
services.felix.bundlesList of bundles that should be activated on startup
Type: list of package
Default: [ pkgs.felix_remoteshell ]
Declared by:
<nixpkgs/nixos/modules/services/misc/felix.nix>
|
services.felix.groupGroup account under which Apache Felix runs.
Type: string
Default: "osgi"
Declared by:
<nixpkgs/nixos/modules/services/misc/felix.nix>
|
services.felix.userUser account under which Apache Felix runs.
Type: string
Default: "osgi"
Declared by:
<nixpkgs/nixos/modules/services/misc/felix.nix>
|
services.ferm.enableWhether to enable Ferm Firewall. Warning: Enabling this service WILL disable the existing NixOS firewall! Default firewall rules provided by packages are not considered at the moment.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ferm.nix>
|
services.ferm.packageThe ferm package.
Type: package
Default: pkgs.ferm
Declared by:
<nixpkgs/nixos/modules/services/networking/ferm.nix>
|
services.ferm.configVerbatim ferm.conf configuration.
Type: strings concatenated with "\n"
Default: empty firewall, allows any traffic
Declared by:
<nixpkgs/nixos/modules/services/networking/ferm.nix>
|
services.filebeat.enableWhether to enable filebeat.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/filebeat.nix>
|
services.filebeat.packageThe filebeat package to use.
Type: package
Default: pkgs.filebeat
Example: pkgs.filebeat7
Declared by:
<nixpkgs/nixos/modules/services/logging/filebeat.nix>
|
services.filebeat.inputsInputs specify how Filebeat locates and processes input data.
This is like services.filebeat.settings.filebeat.inputs,
but structured as an attribute set. This has the benefit
that multiple NixOS modules can contribute settings to a
single filebeat input.
An input type can be specified multiple times by choosing a
different <name> for each, but setting
services.filebeat.inputs.<name>.type
to the same value.
See https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html.
Type: attribute set of (JSON value)
Default: { }
Example:
{
journald.id = "everything"; # Only for filebeat7
log = {
enabled = true;
paths = [
"/var/log/*.log"
];
};
};
Declared by:
<nixpkgs/nixos/modules/services/logging/filebeat.nix>
|
services.filebeat.inputs.<name>.typeThe input type.
Look for the value after type: on
the individual input pages linked from
https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/logging/filebeat.nix>
|
services.filebeat.modulesFilebeat modules provide a quick way to get started processing common log formats. They contain default configurations, Elasticsearch ingest pipeline definitions, and Kibana dashboards to help you implement and deploy a log monitoring solution.
This is like services.filebeat.settings.filebeat.modules,
but structured as an attribute set. This has the benefit
that multiple NixOS modules can contribute settings to a
single filebeat module.
A module can be specified multiple times by choosing a
different <name> for each, but setting
services.filebeat.modules.<name>.module
to the same value.
See https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules.html.
Type: attribute set of (JSON value)
Default: { }
Example:
{
nginx = {
access = {
enabled = true;
var.paths = [ "/path/to/log/nginx/access.log*" ];
};
error = {
enabled = true;
var.paths = [ "/path/to/log/nginx/error.log*" ];
};
};
};
Declared by:
<nixpkgs/nixos/modules/services/logging/filebeat.nix>
|
services.filebeat.modules.<name>.moduleThe name of the module.
Look for the value after module: on
the individual input pages linked from
https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules.html.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/logging/filebeat.nix>
|
services.filebeat.settingsConfiguration for filebeat. See https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-reference-yml.html for supported values.
Options containing secret data should be set to an attribute
set containing the attribute _secret - a
string pointing to a file containing the value the option
should be set to. See the example to get a better picture of
this: in the resulting
filebeat.yml file, the
output.elasticsearch.password
key will be set to the contents of the
/var/keys/elasticsearch_password file.
Type: JSON value
Default: { }
Example:
{
settings = {
output.elasticsearch = {
hosts = [ "myEShost:9200" ];
username = "filebeat_internal";
password = { _secret = "/var/keys/elasticsearch_password"; };
};
logging.level = "info";
};
};
Declared by:
<nixpkgs/nixos/modules/services/logging/filebeat.nix>
|
services.filebeat.settings.output.elasticsearch.hostsThe list of Elasticsearch nodes to connect to.
The events are distributed to these nodes in round
robin order. If one node becomes unreachable, the
event is automatically sent to another node. Each
Elasticsearch node can be defined as a URL or
IP:PORT. For example:
http://192.15.3.2,
https://es.found.io:9230 or
192.24.3.2:9300. If no port is
specified, 9200 is used.
Type: list of string
Default:
[ "127.0.0.1:9200" ]
Example:
[ "myEShost:9200" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/filebeat.nix>
|
services.firebird.enableWhether to enable the Firebird super server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
|
services.firebird.packageWhich Firebird package to be installed: pkgs.firebird_3
For SuperServer use override: pkgs.firebird_3.override { superServer = true; };
Type: package
Default: pkgs.firebird
Example: pkgs.firebird_3
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
|
services.firebird.baseDirLocation containing data/ and system/ directories. data/ stores the databases, system/ stores the password database security2.fdb.
Type: string
Default: "/var/lib/firebird"
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
|
services.firebird.portPort Firebird uses.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3050
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
|
services.firebird.userUser account under which firebird runs.
Type: string
Default: "firebird"
Declared by:
<nixpkgs/nixos/modules/services/databases/firebird.nix>
|
services.firefox-syncserver.enableWhether to enable the Firefox Sync storage service.
Out of the box this will not be very useful unless you also configure at least one service and one nodes by inserting them into the mysql database manually, e.g. by running
INSERT INTO `services` (`id`, `service`, `pattern`) VALUES ('1', 'sync-1.5', '{node}/1.5/{uid}');
INSERT INTO `nodes` (`id`, `service`, `node`, `available`, `current_load`,
`capacity`, `downed`, `backoff`)
VALUES ('1', '1', 'https://mydomain.tld', '1', '0', '10', '0', '0');
services.firefox-syncserver.singleNode.enable does this automatically when enabled
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix>
|
services.firefox-syncserver.packagePackage to use.
Type: package
Default: pkgs.syncstorage-rs
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix>
|
services.firefox-syncserver.database.createLocallyWhether to create database and user on the local machine if they do not exist. This includes enabling unix domain socket authentication for the configured user.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix>
|
services.firefox-syncserver.database.hostDatabase host name. localhost is treated specially and inserts
systemd dependencies, other hostnames or IP addresses of the local machine do not.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix>
|
services.firefox-syncserver.database.nameDatabase to use for storage. Will be created automatically if it does not exist
and config.services.firefox-syncserver.database.createLocally is set.
Type: string matching the pattern [a-z_][a-z0-9_]*
Default: "firefox_syncserver"
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix>
|
services.firefox-syncserver.database.userUsername for database connections.
Type: string
Default: "firefox-syncserver"
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix>
|
services.firefox-syncserver.logLevelLog level to run with. This can be a simple log level like error
or trace, or a more complicated logging expression.
Type: string
Default: "error"
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix>
|
services.firefox-syncserver.secretsA file containing the various secrets. Should be in the format expected by systemd's
EnvironmentFile directory. Two secrets are currently available:
SYNC_MASTER_SECRET and
SYNC_TOKENSERVER__FXA_METRICS_HASH_SECRET.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix>
|
services.firefox-syncserver.settingsSettings for the sync server. These take priority over values computed from NixOS options.
See the doc comments on the Settings structs in
https://github.com/mozilla-services/syncstorage-rs/blob/master/syncstorage/src/settings.rs
and
https://github.com/mozilla-services/syncstorage-rs/blob/master/syncstorage/src/tokenserver/settings.rs
for available options.
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix>
|
services.firefox-syncserver.settings.portPort to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix>
|
services.firefox-syncserver.settings.tokenserver.enabledWhether to enable the token service as well.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix>
|
services.firefox-syncserver.singleNode.enableWhether to enable auto-configuration for a simple single-node setup.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix>
|
services.firefox-syncserver.singleNode.enableNginxWhether to enable nginx virtualhost definitions.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix>
|
services.firefox-syncserver.singleNode.enableTLSWhether to enable automatic TLS setup.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix>
|
services.firefox-syncserver.singleNode.capacityHow many sync accounts are allowed on this server. Setting this value equal to or less than the number of currently active accounts will effectively deny service to accounts not yet registered here.
Type: unsigned integer, meaning >=0
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix>
|
services.firefox-syncserver.singleNode.hostnameHost name to use for this service.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix>
|
services.firefox-syncserver.singleNode.urlURL of the host. If you are not using the automatic webserver proxy setup you will have to change this setting or your sync server may not be functional.
Type: string
Default:
${if cfg.singleNode.enableTLS then "https" else "http"}://${config.services.firefox-syncserver.singleNode.hostname}
Declared by:
<nixpkgs/nixos/modules/services/networking/firefox-syncserver.nix>
|
services.fireqos.enableIf enabled, FireQOS will be launched with the specified
configuration given in config.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/fireqos.nix>
|
services.fireqos.configThe FireQOS configuration goes here.
Type: string
Default: ""
Example:
''
interface wlp3s0 world-in input rate 10mbit ethernet
class web commit 50kbit
match tcp ports 80,443
interface wlp3s0 world-out input rate 10mbit ethernet
class web commit 50kbit
match tcp ports 80,443
''Declared by:
<nixpkgs/nixos/modules/services/networking/fireqos.nix>
|
services.flannel.enableWhether to enable flannel.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.packagePackage to use for flannel
Type: package
Default: pkgs.flannel
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.backendType of backend to use and specific configurations for that backend.
Type: attribute set
Default:
{
Type = "vxlan";
}Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.etcd.caFileEtcd certificate authority file
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.etcd.certFileEtcd cert file
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.etcd.endpointsEtcd endpoints
Type: list of string
Default:
[ "http://127.0.0.1:2379" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.etcd.keyFileEtcd key file
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.etcd.prefixEtcd key prefix
Type: string
Default: "/coreos.com/network"
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.ifaceInterface to use (IP or name) for inter-host communication. Defaults to the interface for the default route on the machine.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.kubeconfigPath to kubeconfig to use for storing flannel config using the Kubernetes API
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.networkIPv4 network in CIDR format to use for the entire flannel network.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.nodeNameNeeded when running with Kubernetes as backend as this cannot be auto-detected";
Type: null or string
Default: config.networking.fqdnOrHostName
Example: "node1.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.publicIpIP accessible by other nodes for inter-host communication. Defaults to the IP of the interface being used for communication.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.storageBackendDetermines where flannel stores its configuration at runtime
Type: one of "etcd", "kubernetes"
Default: "etcd"
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.subnetLenThe size of the subnet allocated to each host. Defaults to 24 (i.e. /24) unless the Network was configured to be smaller than a /24 in which case it is one less than the network.
Type: signed integer
Default: 24
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.subnetMaxThe end of IP range which the subnet allocation should start with. Defaults to the last subnet of Network.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flannel.subnetMinThe beginning of IP range which the subnet allocation should start with. Defaults to the first subnet of Network.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/flannel.nix>
|
services.flatpak.enableWhether to enable flatpak.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/flatpak.nix>
|
services.flexget.enableWhether to enable Run FlexGet Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
|
services.flexget.configThe YAML configuration for FlexGet.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
|
services.flexget.homeDirWhere files live.
Type: path
Default: "/var/lib/deluge"
Example: "/home/flexget"
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
|
services.flexget.intervalWhen to perform a flexget run. See man 7 systemd.time for the format.
Type: string
Default: "10m"
Example: "1h"
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
|
services.flexget.systemSchedulerWhen true, execute the runs via the flexget-runner.timer. If false, you have to specify the settings yourself in the YML file.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
|
services.flexget.userThe user under which to run flexget.
Type: string
Default: "deluge"
Example: "some_user"
Declared by:
<nixpkgs/nixos/modules/services/torrent/flexget.nix>
|
services.fluentd.enableWhether to enable fluentd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/fluentd.nix>
|
services.fluentd.packageThe fluentd package to use.
Type: path
Default: pkgs.fluentd
Declared by:
<nixpkgs/nixos/modules/services/logging/fluentd.nix>
|
services.fluentd.configFluentd config.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/fluentd.nix>
|
services.fluentd.pluginsA list of plugin paths to pass into fluentd. It will make plugins defined in ruby files there available in your config.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/logging/fluentd.nix>
|
services.fluidd.enableWhether to enable Fluidd, a Klipper web interface for managing your 3d printer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.packageFluidd package to be used in the module
Type: package
Default: pkgs.fluidd
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.hostNameHostname to serve fluidd on
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginxExtra configuration for the nginx virtual host of fluidd.
Type: submodule
Default: { }
Example:
{
serverAliases = [ "fluidd.${config.networking.domain}" ];
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.enableACMEWhether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.acmeFallbackHostHost which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.acmeRootDirectory for the ACME challenge, which is public. Don't put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.addSSLWhether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.basicAuthBasic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default: { }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.basicAuthFileBasic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.defaultMakes this vhost the default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.extraConfigThese lines go to the end of the vhost verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.forceSSLWhether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.globalRedirectIf set, all requests for this host are redirected permanently to the given hostname.
Type: null or string
Default: null
Example: "newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.http2Whether to enable HTTP 2. Note that (as of writing) due to nginx's implementation, to disable HTTP 2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2,then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.http3Whether to enable HTTP 3.
This requires using pkgs.nginxQuic package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;.
Note that HTTP 3 support is experimental and
not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.kTLSWhether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Required Nginx version 1.21.4 or later.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.listenListen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL
and onlySSL.
If you only want to set the addresses manually and not
the ports, take a look at listenAddresses
Type: list of (submodule)
Default: [ ]
Example:
[
{
addr = "195.154.1.1";
port = 443;
ssl = true;
}
{
addr = "192.154.1.1";
port = 80;
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.listen.*.addrIP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.listen.*.extraParametersExtra parameters of this listen directive.
Type: list of string
Default: [ ]
Example:
[ "backlog=1024" "deferred" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.listen.*.portPort number.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.listen.*.sslEnable SSL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.listenAddressesListen addresses for this virtual host.
Compared to listen this only sets the addresses
and the ports are chosen automatically.
Note: This option overrides enableIPv6
Type: list of string
Default: [ ]
Example:
[ "127.0.0.1" "[::1]" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.locationsDeclarative location config
Type: attribute set of (submodule)
Default: { }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.locations.<name>.aliasAlias directory for requests.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.locations.<name>.basicAuthBasic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default: { }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.locations.<name>.basicAuthFileBasic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.locations.<name>.extraConfigThese lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.locations.<name>.fastcgiParamsFastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won't unset the default values for other parameters.
Type: attribute set of (string or path)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.locations.<name>.indexAdds index directive.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.locations.<name>.priorityOrder of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have
a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.locations.<name>.proxyPassAdds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.locations.<name>.proxyWebsocketsWhether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.locations.<name>.recommendedProxySettingsEnable recommended proxy settings.
Type: boolean
Default: config.services.nginx.recommendedProxySettings
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.locations.<name>.returnAdds a return directive, for e.g. redirections.
Type: null or string
Default: null
Example: "301 http://example.com$request_uri"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.locations.<name>.rootRoot directory for requests.
Type: null or path
Default: null
Example: "/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.locations.<name>.tryFilesAdds try_files directive.
Type: null or string
Default: null
Example: "$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.onlySSLWhether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.rejectSSLWhether to listen for and reject all HTTPS connections to this vhost. Useful in
default
server blocks to avoid serving the certificate for another vhost. Uses the
ssl_reject_handshake directive available in nginx versions
1.19.4 and above.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.reuseportCreate an individual listening socket . It is required to specify only once on one of the hosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.rootThe path of the web root directory.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default: [ ]
Example:
[ "www.example.org" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.serverNameName of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default: null
Example: "example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.sslCertificatePath to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.sslCertificateKeyPath to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.sslTrustedCertificatePath to root SSL certificate for stapling and client certificates.
Type: null or path
Default: null
Example: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.fluidd.nginx.useACMEHostA host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/fluidd.nix>
|
services.foldingathome.enableWhether to enable Folding@home client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/computing/foldingathome/client.nix>
|
services.foldingathome.packageWhich Folding@home client to use.
Type: package
Default: pkgs.fahclient
Declared by:
<nixpkgs/nixos/modules/services/computing/foldingathome/client.nix>
|
services.foldingathome.daemonNiceLevelDaemon process priority for FAHClient. 0 is the default Unix process priority, 19 is the lowest.
Type: integer between -20 and 19 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/computing/foldingathome/client.nix>
|
services.foldingathome.extraArgsExtra startup options for the FAHClient. Run
FAHClient --help to find all the available options.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/computing/foldingathome/client.nix>
|
services.foldingathome.teamThe team ID associated with the reported computation results. This will be used in the ranking statistics.
By default, use the NixOS folding@home team ID is being used.
Type: signed integer
Default: 236565
Declared by:
<nixpkgs/nixos/modules/services/computing/foldingathome/client.nix>
|
services.foldingathome.userThe user associated with the reported computation results. This will be used in the ranking statistics.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/computing/foldingathome/client.nix>
|
services.foundationdb.enableWhether to enable FoundationDB Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.packageThe FoundationDB package to use for this server. This must be specified by the user in order to ensure migrations and upgrades are controlled appropriately.
Type: package
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.backupProcessesNumber of backup_agent processes to run for snapshots.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.classProcess class
Type: null or one of "storage", "transaction", "stateless"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.dataDirData directory. All cluster data will be put under here.
Type: path
Default: "/var/lib/foundationdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.extraReadWritePathsAn extra set of filesystem paths that FoundationDB can read to and write from. By default, FoundationDB runs under a heavily namespaced systemd environment without write access to most of the filesystem outside of its data and log directories. By adding paths to this list, the set of writeable paths will be expanded. This is useful for allowing e.g. backups to local files, which must be performed on behalf of the foundationdb service.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.groupGroup account under which FoundationDB runs.
Type: string
Default: "foundationdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.listenAddressPublicly visible IP address of the process. Port is determined by process ID
Type: string
Default: "public"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.listenPortStartStarting port number for database listening sockets. Every FDB process binds to a subsequent port, to this number reflects the start of the overall range. e.g. having 8 server processes will use all ports between 4500 and 4507.
Type: signed integer
Default: 4500
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.localityFoundationDB locality settings.
Type: submodule
Default:
{
dataHall = null;
datacenterId = null;
machineId = null;
zoneId = null;
}Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.locality.dataHallData hall identifier key. All processes physically located in a data hall should share the id. If you are depending on data hall based replication this must be set on all processes.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.locality.datacenterIdData center identifier key. All processes physically located in a data center should share the id. If you are depending on data center based replication this must be set on all processes.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.locality.machineIdMachine identifier key. All processes on a machine should share a unique id. By default, processes on a machine determine a unique id to share. This does not generally need to be set.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.locality.zoneIdZone identifier key. Processes that share a zone id are considered non-unique for the purposes of data replication. If unset, defaults to machine id.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.logDirLog directory.
Type: path
Default: "/var/log/foundationdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.logSizeRoll over to a new log file after the current log file reaches the specified size.
Type: string
Default: "10MiB"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.maxLogSizeDelete the oldest log file when the total size of all log files exceeds the specified size. If set to 0, old log files will not be deleted.
Type: string
Default: "100MiB"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.memoryMaximum memory used by the process. The default value is
8GiB. When specified without a unit,
MiB is assumed. This parameter does not
change the memory allocation of the program. Rather, it sets
a hard limit beyond which the process will kill itself and
be restarted. The default value of 8GiB
is double the intended memory usage in the default
configuration (providing an emergency buffer to deal with
memory leaks or similar problems). It is not recommended to
decrease the value of this parameter below its default
value. It may be increased if you wish to allocate a very
large amount of storage engine memory or cache. In
particular, when the storageMemory
parameter is increased, the memory
parameter should be increased by an equal amount.
Type: string
Default: "8GiB"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.openFirewallOpen the firewall ports corresponding to FoundationDB processes and coordinators
using config.networking.firewall.*.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.pidfilePath to pidfile for fdbmonitor.
Type: path
Default: "/run/foundationdb.pid"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.publicAddressPublicly visible IP address of the process. Port is determined by process ID
Type: string
Default: "auto"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.restartDelayNumber of seconds to wait before restarting servers.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.serverProcessesNumber of fdbserver processes to run.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.storageMemoryMaximum memory used for data storage. The default value is
1GiB. When specified without a unit,
MB is assumed. Clusters using the memory
storage engine will be restricted to using this amount of
memory per process for purposes of data storage. Memory
overhead associated with storing the data is counted against
this total. If you increase the
storageMemory, you should also increase
the memory parameter by the same amount.
Type: string
Default: "1GiB"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.tlsFoundationDB Transport Security Layer (TLS) settings.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.tls.allowedPeers"Peer verification string". This may be used to adjust which TLS client certificates a server will accept, as a form of user authorization; for example, it may only accept TLS clients who offer a certificate abiding by some locality or organization name.
For more information, please see the FoundationDB documentation.
Type: string
Default: "Check.Valid=1,Check.Unexpired=1"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.tls.certificatePath to the TLS certificate file. This certificate will be offered to, and may be verified by, clients.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.tls.keyPrivate key file for the certificate.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.traceFormatTrace logging format.
Type: one of "xml", "json"
Default: "xml"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.foundationdb.userUser account under which FoundationDB runs.
Type: string
Default: "foundationdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/foundationdb.nix>
|
services.fprintd.enableWhether to enable fprintd daemon and PAM module for fingerprint readers handling.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/fprintd.nix>
|
services.fprintd.packagefprintd package to use.
Type: package
Default: if config.services.fprintd.tod.enable then pkgs.fprintd-tod else pkgs.fprintd
Declared by:
<nixpkgs/nixos/modules/services/security/fprintd.nix>
|
services.fprintd.tod.enableWhether to enable Touch OEM Drivers library support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/fprintd.nix>
|
services.fprintd.tod.driverTouch OEM Drivers (TOD) package to use.
Type: package
Example: pkgs.libfprint-2-tod1-goodix
Declared by:
<nixpkgs/nixos/modules/services/security/fprintd.nix>
|
services.fractalart.enableEnable FractalArt for generating colorful wallpapers on login
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/fractalart.nix>
|
services.fractalart.heightScreen height
Type: null or signed integer
Default: null
Example: 1080
Declared by:
<nixpkgs/nixos/modules/services/x11/fractalart.nix>
|
services.fractalart.widthScreen width
Type: null or signed integer
Default: null
Example: 1920
Declared by:
<nixpkgs/nixos/modules/services/x11/fractalart.nix>
|
services.freeciv.enableWhether to enable freeciv.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
|
services.freeciv.openFirewallWhether to enable opening the firewall for the port listening for clients.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
|
services.freeciv.settingsParameters of freeciv-server.
Type: freeciv-server params
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
|
services.freeciv.settings.AnnounceAnnounce game in LAN using given protocol.
Type: one of "IPv4", "IPv6", "none"
Default: "none"
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
|
services.freeciv.settings.DatabaseEnable database connection with given configuration.
Type: null or string
Default:
''
[fcdb]
backend="sqlite"
database="/var/lib/freeciv/auth.sqlite"
''Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
|
services.freeciv.settings.GuestsWhether to enable guests to login if auth is enabled.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
|
services.freeciv.settings.NewusersWhether to enable new users to login if auth is enabled.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
|
services.freeciv.settings.authWhether to enable server authentication.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
|
services.freeciv.settings.debugSet debug log level.
Type: integer between 0 and 3 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
|
services.freeciv.settings.exit-on-endWhether to enable exit instead of restarting when a game ends..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
|
services.freeciv.settings.portListen for clients on given port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5556
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
|
services.freeciv.settings.quitidleQuit if no players for given time in seconds.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
|
services.freeciv.settings.readStartup script.
Type: strings concatenated with "\n"
Default:
'' /fcdb lua sqlite_createdb() ''
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
|
services.freeciv.settings.savesSave games to given directory, a sub-directory named after the starting date of the service will me inserted to preserve older saves.
Type: null or string
Default: "/var/lib/freeciv/saves/"
Declared by:
<nixpkgs/nixos/modules/services/games/freeciv.nix>
|
services.freefall.enableWhether to protect HP/Dell laptop hard drives (not SSDs) in free fall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/freefall.nix>
|
services.freefall.packagefreefall derivation to use.
Type: package
Default: pkgs.freefall
Declared by:
<nixpkgs/nixos/modules/services/hardware/freefall.nix>
|
services.freefall.devicesDevice paths to all internal spinning hard drives.
Type: list of string
Default:
[ "/dev/sda" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/freefall.nix>
|
services.freenet.enableEnable the Freenet daemon
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/freenet.nix>
|
services.freenet.niceSet the nice level for the Freenet daemon
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/networking/freenet.nix>
|
services.freeradius.enableWhether to enable the freeradius server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/freeradius.nix>
|
services.freeradius.configDirThe path of the freeradius server configuration directory.
Type: path
Default: "/etc/raddb"
Declared by:
<nixpkgs/nixos/modules/services/networking/freeradius.nix>
|
services.freeradius.debugWhether to enable debug logging for freeradius (-xx option). This should not be left on, since it includes sensitive data such as passwords in the logs.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/freeradius.nix>
|
services.freeswitch.enableWhether to enable FreeSWITCH.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/freeswitch.nix>
|
services.freeswitch.enableReloadIssue the reloadxml command to FreeSWITCH when configuration directory changes (instead of restart).
See FreeSWITCH documentation for more info.
The configuration directory is exposed at /etc/freeswitch.
See also systemd.services.*.restartIfChanged.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/freeswitch.nix>
|
services.freeswitch.packageFreeSWITCH package.
Type: package
Default: pkgs.freeswitch
Declared by:
<nixpkgs/nixos/modules/services/misc/freeswitch.nix>
|
services.freeswitch.configDirOverride file in FreeSWITCH config template directory. Each top-level attribute denotes a file path in the configuration directory, its value is the file path. See FreeSWITCH documentation for more info. Also check available templates in FreeSWITCH repository.
Type: attribute set of path
Default: { }
Example:
{
"freeswitch.xml" = ./freeswitch.xml;
"dialplan/default.xml" = pkgs.writeText "dialplan-default.xml" ''
[xml lines]
'';
}
Declared by:
<nixpkgs/nixos/modules/services/misc/freeswitch.nix>
|
services.freeswitch.configTemplateConfiguration template to use. See available templates in FreeSWITCH repository. You can also set your own configuration directory.
Type: path
Default: "${config.services.freeswitch.package}/share/freeswitch/conf/vanilla"
Example: "${config.services.freeswitch.package}/share/freeswitch/conf/minimal"
Declared by:
<nixpkgs/nixos/modules/services/misc/freeswitch.nix>
|
services.freshrss.enableWhether to enable FreshRSS feed reader.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/freshrss.nix>
|
services.freshrss.packageWhich FreshRSS package to use.
Type: package
Default: pkgs.freshrss
Declared by:
<nixpkgs/nixos/modules/services/web-apps/freshrss.nix>
|
services.freshrss.baseUrlDefault URL for FreshRSS.
Type: string
Example: "https://freshrss.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/freshrss.nix>
|
services.freshrss.dataDirDefault data folder for FreshRSS.
Type: string
Default: "/var/lib/freshrss"
Example: "/mnt/freshrss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/freshrss.nix>
|
services.freshrss.database.hostDatabase host for FreshRSS.
Type: null or string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/freshrss.nix>
|
services.freshrss.database.nameDatabase name for FreshRSS.
Type: null or string
Default: "freshrss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/freshrss.nix>
|
services.freshrss.database.passFileDatabase password file for FreshRSS.
Type: null or string
Default: null
Example: "/run/secrets/freshrss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/freshrss.nix>
|
services.freshrss.database.portDatabase port for FreshRSS.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Example: 3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/freshrss.nix>
|
services.freshrss.database.tableprefixDatabase table prefix for FreshRSS.
Type: null or string
Default: null
Example: "freshrss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/freshrss.nix>
|
services.freshrss.database.typeDatabase type.
Type: one of "sqlite", "pgsql", "mysql"
Default: "sqlite"
Example: "pgsql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/freshrss.nix>
|
services.freshrss.database.userDatabase user for FreshRSS.
Type: null or string
Default: "freshrss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/freshrss.nix>
|
services.freshrss.defaultUserDefault username for FreshRSS.
Type: string
Default: "admin"
Example: "eva"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/freshrss.nix>
|
services.freshrss.languageDefault language for FreshRSS.
Type: string
Default: "en"
Example: "de"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/freshrss.nix>
|
services.freshrss.passwordFilePassword for the defaultUser for FreshRSS.
Type: path
Example: "/run/secrets/freshrss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/freshrss.nix>
|
services.freshrss.poolName of the phpfpm pool to use and setup. If not specified, a pool will be created with default values.
Type: string
Default: "freshrss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/freshrss.nix>
|
services.freshrss.virtualHostName of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.
Type: null or string
Default: "freshrss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/freshrss.nix>
|
services.frr.babel.enableWhether to enable the FRR BABEL routing protocol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.babel.configbabeld configuration statements.
Type: strings concatenated with "\n"
Default: ""
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.babel.configFileConfiguration file to use for FRR babeld. By default the NixOS generated files are used.
Type: null or path
Default: null
Example: "/etc/frr/babeld.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.babel.extraOptionsExtra options for the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.babel.vtyListenAddressAddress to bind to for the VTY interface.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.babel.vtyListenPortTCP Port to bind to for the VTY interface.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.bfd.enableWhether to enable the FRR BFD routing protocol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.bfd.configbfdd configuration statements.
Type: strings concatenated with "\n"
Default: ""
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.bfd.configFileConfiguration file to use for FRR bfdd. By default the NixOS generated files are used.
Type: null or path
Default: null
Example: "/etc/frr/bfdd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.bfd.extraOptionsExtra options for the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.bfd.vtyListenAddressAddress to bind to for the VTY interface.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.bfd.vtyListenPortTCP Port to bind to for the VTY interface.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.bgp.enableWhether to enable the FRR BGP routing protocol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.bgp.configbgpd configuration statements.
Type: strings concatenated with "\n"
Default: ""
Example:
''
router bgp 65001
neighbor 10.0.0.1 remote-as 65001
''Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.bgp.configFileConfiguration file to use for FRR bgpd. By default the NixOS generated files are used.
Type: null or path
Default: null
Example: "/etc/frr/bgpd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.bgp.extraOptionsExtra options for the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.bgp.vtyListenAddressAddress to bind to for the VTY interface.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.bgp.vtyListenPortTCP Port to bind to for the VTY interface.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.eigrp.enableWhether to enable the FRR EIGRP routing protocol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.eigrp.configeigrpd configuration statements.
Type: strings concatenated with "\n"
Default: ""
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.eigrp.configFileConfiguration file to use for FRR eigrpd. By default the NixOS generated files are used.
Type: null or path
Default: null
Example: "/etc/frr/eigrpd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.eigrp.extraOptionsExtra options for the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.eigrp.vtyListenAddressAddress to bind to for the VTY interface.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.eigrp.vtyListenPortTCP Port to bind to for the VTY interface.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.fabric.enableWhether to enable the FRR FABRIC routing protocol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.fabric.configfabricd configuration statements.
Type: strings concatenated with "\n"
Default: ""
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.fabric.configFileConfiguration file to use for FRR fabricd. By default the NixOS generated files are used.
Type: null or path
Default: null
Example: "/etc/frr/fabricd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.fabric.extraOptionsExtra options for the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.fabric.vtyListenAddressAddress to bind to for the VTY interface.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.fabric.vtyListenPortTCP Port to bind to for the VTY interface.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.isis.enableWhether to enable the FRR ISIS routing protocol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.isis.configisisd configuration statements.
Type: strings concatenated with "\n"
Default: ""
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.isis.configFileConfiguration file to use for FRR isisd. By default the NixOS generated files are used.
Type: null or path
Default: null
Example: "/etc/frr/isisd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.isis.extraOptionsExtra options for the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.isis.vtyListenAddressAddress to bind to for the VTY interface.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.isis.vtyListenPortTCP Port to bind to for the VTY interface.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ldp.enableWhether to enable the FRR LDP routing protocol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ldp.configldpd configuration statements.
Type: strings concatenated with "\n"
Default: ""
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ldp.configFileConfiguration file to use for FRR ldpd. By default the NixOS generated files are used.
Type: null or path
Default: null
Example: "/etc/frr/ldpd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ldp.extraOptionsExtra options for the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ldp.vtyListenAddressAddress to bind to for the VTY interface.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ldp.vtyListenPortTCP Port to bind to for the VTY interface.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.nhrp.enableWhether to enable the FRR NHRP routing protocol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.nhrp.confignhrpd configuration statements.
Type: strings concatenated with "\n"
Default: ""
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.nhrp.configFileConfiguration file to use for FRR nhrpd. By default the NixOS generated files are used.
Type: null or path
Default: null
Example: "/etc/frr/nhrpd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.nhrp.extraOptionsExtra options for the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.nhrp.vtyListenAddressAddress to bind to for the VTY interface.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.nhrp.vtyListenPortTCP Port to bind to for the VTY interface.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ospf.enableWhether to enable the FRR OSPF routing protocol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ospf.configospfd configuration statements.
Type: strings concatenated with "\n"
Default: ""
Example:
''
router ospf
network 10.0.0.0/8 area 0
''Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ospf.configFileConfiguration file to use for FRR ospfd. By default the NixOS generated files are used.
Type: null or path
Default: null
Example: "/etc/frr/ospfd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ospf.extraOptionsExtra options for the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ospf.vtyListenAddressAddress to bind to for the VTY interface.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ospf.vtyListenPortTCP Port to bind to for the VTY interface.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ospf6.enableWhether to enable the FRR OSPF6 routing protocol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ospf6.configospf6d configuration statements.
Type: strings concatenated with "\n"
Default: ""
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ospf6.configFileConfiguration file to use for FRR ospf6d. By default the NixOS generated files are used.
Type: null or path
Default: null
Example: "/etc/frr/ospf6d.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ospf6.extraOptionsExtra options for the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ospf6.vtyListenAddressAddress to bind to for the VTY interface.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ospf6.vtyListenPortTCP Port to bind to for the VTY interface.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.pbr.enableWhether to enable the FRR PBR routing protocol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.pbr.configpbrd configuration statements.
Type: strings concatenated with "\n"
Default: ""
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.pbr.configFileConfiguration file to use for FRR pbrd. By default the NixOS generated files are used.
Type: null or path
Default: null
Example: "/etc/frr/pbrd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.pbr.extraOptionsExtra options for the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.pbr.vtyListenAddressAddress to bind to for the VTY interface.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.pbr.vtyListenPortTCP Port to bind to for the VTY interface.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.pim.enableWhether to enable the FRR PIM routing protocol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.pim.configpimd configuration statements.
Type: strings concatenated with "\n"
Default: ""
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.pim.configFileConfiguration file to use for FRR pimd. By default the NixOS generated files are used.
Type: null or path
Default: null
Example: "/etc/frr/pimd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.pim.extraOptionsExtra options for the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.pim.vtyListenAddressAddress to bind to for the VTY interface.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.pim.vtyListenPortTCP Port to bind to for the VTY interface.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.rip.enableWhether to enable the FRR RIP routing protocol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.rip.configripd configuration statements.
Type: strings concatenated with "\n"
Default: ""
Example:
''
router rip
network 10.0.0.0/8
''Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.rip.configFileConfiguration file to use for FRR ripd. By default the NixOS generated files are used.
Type: null or path
Default: null
Example: "/etc/frr/ripd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.rip.extraOptionsExtra options for the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.rip.vtyListenAddressAddress to bind to for the VTY interface.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.rip.vtyListenPortTCP Port to bind to for the VTY interface.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ripng.enableWhether to enable the FRR RIPNG routing protocol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ripng.configripngd configuration statements.
Type: strings concatenated with "\n"
Default: ""
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ripng.configFileConfiguration file to use for FRR ripngd. By default the NixOS generated files are used.
Type: null or path
Default: null
Example: "/etc/frr/ripngd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ripng.extraOptionsExtra options for the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ripng.vtyListenAddressAddress to bind to for the VTY interface.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.ripng.vtyListenPortTCP Port to bind to for the VTY interface.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.sharp.enableWhether to enable the FRR SHARP routing protocol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.sharp.configsharpd configuration statements.
Type: strings concatenated with "\n"
Default: ""
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.sharp.configFileConfiguration file to use for FRR sharpd. By default the NixOS generated files are used.
Type: null or path
Default: null
Example: "/etc/frr/sharpd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.sharp.extraOptionsExtra options for the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.sharp.vtyListenAddressAddress to bind to for the VTY interface.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.sharp.vtyListenPortTCP Port to bind to for the VTY interface.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.static.enableWhether to enable the FRR STATIC routing protocol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.static.configstaticd configuration statements.
Type: strings concatenated with "\n"
Default: ""
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.static.configFileConfiguration file to use for FRR staticd. By default the NixOS generated files are used.
Type: null or path
Default: null
Example: "/etc/frr/staticd.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.static.extraOptionsExtra options for the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.static.vtyListenAddressAddress to bind to for the VTY interface.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.static.vtyListenPortTCP Port to bind to for the VTY interface.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.zebra.enableWhether to enable the Zebra routing manager.
The Zebra routing manager is automatically enabled if any routing protocols are configured.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.zebra.configzebra configuration statements.
Type: strings concatenated with "\n"
Default: ""
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.zebra.configFileConfiguration file to use for FRR zebra. By default the NixOS generated files are used.
Type: null or path
Default: null
Example: "/etc/frr/zebra.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.zebra.extraOptionsExtra options for the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.zebra.vtyListenAddressAddress to bind to for the VTY interface.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.frr.zebra.vtyListenPortTCP Port to bind to for the VTY interface.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/frr.nix>
|
services.fstrim.enableWhether to enable periodic SSD TRIM of mounted partitions in background.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/fstrim.nix>
|
services.fstrim.intervalHow often we run fstrim. For most desktop and server systems a sufficient trimming frequency is once a week.
The format is described in systemd.time(7).
Type: string
Default: "weekly"
Declared by:
<nixpkgs/nixos/modules/services/misc/fstrim.nix>
|
services.fusionInventory.enableWhether to enable Fusion Inventory Agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/fusion-inventory.nix>
|
services.fusionInventory.extraConfigConfiguration that is injected verbatim into the configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/fusion-inventory.nix>
|
services.fusionInventory.serversThe urls of the OCS/GLPI servers to connect to.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/fusion-inventory.nix>
|
services.fwupd.enableWhether to enable fwupd, a DBus service that allows applications to update firmware.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
|
services.fwupd.enableTestRemoteWhether to enable test remote. This is used by installed tests.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
|
services.fwupd.packageWhich fwupd package to use.
Type: package
Default: pkgs.fwupd
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
|
services.fwupd.daemonSettingsConfigurations for the fwupd daemon.
Type: attribute set of (INI atom (null, bool, int, float or string) or a non-empty list of them)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
|
services.fwupd.daemonSettings.DisabledDevicesList of device GUIDs to be disabled.
Type: list of string
Default: [ ]
Example:
[ "2082b5e0-7a64-478a-b1b2-e3404fab6dad" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
|
services.fwupd.daemonSettings.DisabledPluginsList of plugins to be disabled.
Type: list of string
Default: [ ]
Example:
[ "udev" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
|
services.fwupd.extraRemotesEnables extra remotes in fwupd. See /etc/fwupd/remotes.d.
Type: list of string
Default: [ ]
Example:
[ "lvfs-testing" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
|
services.fwupd.extraTrustedKeysInstalling a public key allows firmware signed with a matching private key to be recognized as trusted, which may require less authentication to install than for untrusted files. By default trusted firmware can be upgraded (but not downgraded) without the user or administrator password. Only very few keys are installed by default.
Type: list of path
Default: [ ]
Example: [ /etc/nixos/fwupd/myfirmware.pem ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/fwupd.nix>
|
services.galene.enableWhether to enable Galene Service..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
|
services.galene.packagePackage for running Galene.
Type: package
Default: pkgs.galene
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
|
services.galene.certFilePath to the server's certificate. The file is copied at runtime to Galene's data directory where it needs to reside.
Type: null or string
Default: null
Example: "/path/to/your/cert.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
|
services.galene.dataDirData directory.
Type: string
Default: "${config.services.galene.stateDir}/data"
Example: "/var/lib/galene/data"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
|
services.galene.groupGroup under which galene runs.
Type: string
Default: "galene"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
|
services.galene.groupsDirWeb server directory.
Type: string
Default: "${config.services.galene.stateDir}/groups"
Example: "/var/lib/galene/groups"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
|
services.galene.httpAddressHTTP listen address for galene.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
|
services.galene.httpPortHTTP listen port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8443
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
|
services.galene.insecureWhether Galene should listen in http or in https. If left as the default value (false), Galene needs to be fed a private key and a certificate.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
|
services.galene.keyFilePath to the server's private key. The file is copied at runtime to Galene's data directory where it needs to reside.
Type: null or string
Default: null
Example: "/path/to/your/key.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
|
services.galene.recordingsDirRecordings directory.
Type: string
Default: "${config.services.galene.stateDir}/recordings"
Example: "/var/lib/galene/recordings"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
|
services.galene.stateDirThe directory where Galene stores its internal state. If left as the default value this directory will automatically be created before the Galene server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: string
Default: "/var/lib/galene"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
|
services.galene.staticDirWeb server directory.
Type: string
Default: "${package.static}/static"
Example: "/var/lib/galene/static"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
|
services.galene.userUser account under which galene runs.
Type: string
Default: "galene"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/galene.nix>
|
services.gammu-smsd.enableWhether to enable gammu-smsd daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.files.errorSMSPathWhere SMSes with error in transmission is placed
Type: path
Default: "/var/spool/sms/error/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.files.inboxPathWhere the received SMSes are stored
Type: path
Default: "/var/spool/sms/inbox/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.files.outboxPathWhere SMSes to be sent should be placed
Type: path
Default: "/var/spool/sms/outbox/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.files.sentSMSPathWhere the transmitted SMSes are placed
Type: path
Default: "/var/spool/sms/sent/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.serviceService to use to store sms data.
Type: one of "null", "files", "sql"
Default: "null"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.sql.databaseDatabase name to store sms data
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.sql.driverDB driver to use
Type: one of "native_mysql", "native_pgsql", "odbc", "dbi"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.sql.hostDatabase server address
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.sql.passwordUser password used for connection to the database
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.sql.sqlDialectSQL dialect to use (odbc driver only)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.backend.sql.userUser name used for connection to the database
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.device.connectionProtocol which will be used to talk to the phone
Type: string
Default: "at"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.device.groupOwner group of the device
Type: string
Default: "root"
Example: "dialout"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.device.pathDevice node or address of the phone
Type: path
Example: "/dev/ttyUSB2"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.device.pinPIN code for the simcard
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.device.synchronizeTimeWhether to set time from computer to the phone during starting connection
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.extraConfig.gammuExtra config lines to be added into [gammu] section
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.extraConfig.smsdExtra config lines to be added into [smsd] section
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.log.filePath to file where information about communication will be stored
Type: string
Default: "syslog"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.log.formatDetermines what will be logged to the LogFile
Type: one of "nothing", "text", "textall", "textalldate", "errors", "errorsdate", "binary"
Default: "errors"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.gammu-smsd.userUser that has access to the device
Type: string
Default: "smsd"
Declared by:
<nixpkgs/nixos/modules/services/misc/gammu-smsd.nix>
|
services.garage.enableWhether to enable Garage Object Storage (S3 compatible).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/garage.nix>
|
services.garage.packageGarage package to use.
Type: package
Default: pkgs.garage
Declared by:
<nixpkgs/nixos/modules/services/web-servers/garage.nix>
|
services.garage.extraEnvironmentExtra environment variables to pass to the Garage server.
Type: attribute set of string
Default: { }
Example:
{
RUST_BACKTRACE = "yes";
}Declared by:
<nixpkgs/nixos/modules/services/web-servers/garage.nix>
|
services.garage.logLevelGarage log level, see https://garagehq.deuxfleurs.fr/documentation/quick-start/#launching-the-garage-server for examples.
Type: one of "info", "debug", "trace"
Default: "info"
Example: "debug"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/garage.nix>
|
services.garage.settingsGarage configuration, see https://garagehq.deuxfleurs.fr/reference_manual/configuration.html for reference.
Type: TOML value
Declared by:
<nixpkgs/nixos/modules/services/web-servers/garage.nix>
|
services.garage.settings.data_dirThe main data storage, put this on your large storage (e.g. high capacity HDD)
Type: path
Default: "/var/lib/garage/data"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/garage.nix>
|
services.garage.settings.metadata_dirThe metadata directory, put this on a fast disk (e.g. SSD) if possible.
Type: path
Default: "/var/lib/garage/meta"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/garage.nix>
|
services.garage.settings.replication_modeGarage replication mode, defaults to none, see: https://garagehq.deuxfleurs.fr/reference_manual/configuration.html#replication_mode for reference.
Type: one of "none", "1", "2", "3", 1, 2, 3
Default: "none"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/garage.nix>
|
services.gateone.enableWhether to enable GateOne server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/gateone.nix>
|
services.gateone.pidDirPath of pid files for GateOne.
Type: path
Default: "/run/gateone"
Declared by:
<nixpkgs/nixos/modules/services/networking/gateone.nix>
|
services.gateone.settingsDirPath of configuration files for GateOne.
Type: path
Default: "/var/lib/gateone"
Declared by:
<nixpkgs/nixos/modules/services/networking/gateone.nix>
|
services.gdomap.enableWhether to enable GNUstep Distributed Objects name server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/gdomap.nix>
|
services.geoclue2.enableWhether to enable GeoClue 2 daemon, a DBus service that provides location information for accessing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoclue2.enable3GWhether to enable 3G source.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoclue2.enableCDMAWhether to enable CDMA source.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoclue2.enableDemoAgentWhether to use the GeoClue demo agent. This should be overridden by desktop environments that provide their own agent.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoclue2.enableModemGPSWhether to enable Modem-GPS source.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoclue2.enableNmeaWhether to fetch location from NMEA sources on local network.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoclue2.enableWifiWhether to enable WiFi source.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoclue2.appConfigSpecify extra settings per application.
Type: attribute set of (submodule)
Default: { }
Example:
"com.github.app" = {
isAllowed = true;
isSystem = true;
users = [ "300" ];
};
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoclue2.appConfig.<name>.desktopIDDesktop ID of the application.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoclue2.appConfig.<name>.isAllowedWhether the application will be allowed access to location information.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoclue2.appConfig.<name>.isSystemWhether the application is a system component or not.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoclue2.appConfig.<name>.usersList of UIDs of all users for which this application is allowed location info access, Defaults to an empty string to allow it for all users.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoclue2.geoProviderUrlThe url to the wifi GeoLocation Service.
Type: string
Default: "https://location.services.mozilla.com/v1/geolocate?key=geoclue"
Example: "https://www.googleapis.com/geolocation/v1/geolocate?key=YOUR_KEY"
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoclue2.submissionNickA nickname to submit network data with. Must be 2-32 characters long.
Type: string
Default: "geoclue"
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoclue2.submissionUrlThe url to submit data to a GeoLocation Service.
Type: string
Default: "https://location.services.mozilla.com/v1/submit?key=geoclue"
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoclue2.submitDataWhether to submit data to a GeoLocation Service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/geoclue2.nix>
|
services.geoipupdate.enableWhether to enable periodic downloading of GeoIP databases using geoipupdate. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/geoipupdate.nix>
|
services.geoipupdate.intervalUpdate the GeoIP databases at this time / interval. The format is described in systemd.time(7).
Type: string
Default: "weekly"
Declared by:
<nixpkgs/nixos/modules/services/misc/geoipupdate.nix>
|
services.geoipupdate.settingsgeoipupdate configuration options. See https://github.com/maxmind/geoipupdate/blob/main/doc/GeoIP.conf.md for a full list of available options.
Settings containing secret data should be set to an
attribute set containing the attribute
_secret - a string pointing to a file
containing the value the option should be set to. See the
example to get a better picture of this: in the resulting
GeoIP.conf file, the
ProxyUserPassword key will be set to the
contents of the
/run/keys/proxy_pass file.
Type: attribute set of (string or signed integer or boolean or list of (string or signed integer or boolean))
Example:
{
AccountID = 200001;
DatabaseDirectory = "/var/lib/GeoIP";
LicenseKey = { _secret = "/run/keys/maxmind_license_key"; };
Proxy = "10.0.0.10:8888";
ProxyUserPassword = { _secret = "/run/keys/proxy_pass"; };
}
Declared by:
<nixpkgs/nixos/modules/services/misc/geoipupdate.nix>
|
services.geoipupdate.settings.AccountIDYour MaxMind account ID.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/misc/geoipupdate.nix>
|
services.geoipupdate.settings.DatabaseDirectoryThe directory to store the database files in. The
directory will be automatically created, the owner
changed to geoip and permissions
set to world readable. This applies if the directory
already exists as well, so don't use a directory with
sensitive contents.
Type: path
Default: "/var/lib/GeoIP"
Example: "/run/GeoIP"
Declared by:
<nixpkgs/nixos/modules/services/misc/geoipupdate.nix>
|
services.geoipupdate.settings.EditionIDsList of database edition IDs. This includes new string
IDs like GeoIP2-City and old
numeric IDs like 106.
Type: list of (string or signed integer)
Example:
[ "GeoLite2-ASN" "GeoLite2-City" "GeoLite2-Country" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/geoipupdate.nix>
|
services.geoipupdate.settings.LicenseKeyA file containing the MaxMind license key.
Always handled as a secret whether the value is
wrapped in a { _secret = ...; }
attrset or not (refer to services.geoipupdate.settings for
details).
Type: path or attribute set of path
Declared by:
<nixpkgs/nixos/modules/services/misc/geoipupdate.nix>
|
services.gerrit.enableWhether to enable Gerrit service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
|
services.gerrit.packageGerrit package to use
Type: package
Default: pkgs.gerrit
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
|
services.gerrit.builtinPluginsList of builtins plugins to install. Those are shipped in the
gerrit.war file.
Type: list of (one of "codemirror-editor", "commit-message-length-validator", "delete-project", "download-commands", "gitiles", "hooks", "plugin-manager", "replication", "reviewnotes", "singleusergroup", "webhooks")
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
|
services.gerrit.jvmHeapLimitHow much memory to allocate to the JVM heap
Type: string
Default: "1024m"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
|
services.gerrit.jvmOptsA list of JVM options to start gerrit with.
Type: list of string
Default:
[ "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance" "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
|
services.gerrit.jvmPackageJava Runtime Environment package to use
Type: package
Default: pkgs.jre_headless
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
|
services.gerrit.listenAddresshostname:port to listen for HTTP traffic.
This is bound using the systemd socket activation.
Type: string
Default: "[::]:8080"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
|
services.gerrit.pluginsList of plugins to add to Gerrit. Each derivation is a jar file itself where the name of the derivation is the name of plugin.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
|
services.gerrit.replicationSettingsReplication configuration. This will be generated to the
etc/replication.config file.
Type: lazy attribute set of lazy attribute set of (string or boolean or signed integer or list of (string or boolean or signed integer) or lazy attribute set of (string or boolean or signed integer or list of (string or boolean or signed integer)))
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
|
services.gerrit.serverIdSet a UUID that uniquely identifies the server.
This can be generated with
nix-shell -p util-linux --run uuidgen.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
|
services.gerrit.settingsGerrit configuration. This will be generated to the
etc/gerrit.config file.
Type: lazy attribute set of lazy attribute set of (string or boolean or signed integer or list of (string or boolean or signed integer) or lazy attribute set of (string or boolean or signed integer or list of (string or boolean or signed integer)))
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gerrit.nix>
|
services.gethSpecification of one or more geth instances.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.enableWhether to enable Go Ethereum Node.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.packagePackage to use as Go Ethereum node.
Type: package
Default: pkgs.go-ethereum.geth
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.authrpc.enableWhether to enable Go Ethereum Auth RPC API.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.authrpc.addressListen address of Go Ethereum Auth RPC API.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.authrpc.jwtsecretPath to a JWT secret for authenticated RPC endpoint.
Type: string
Default: ""
Example: "/var/run/geth/jwtsecret"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.authrpc.portPort number of Go Ethereum Auth RPC API.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8551
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.authrpc.vhostsList of virtual hostnames from which to accept requests.
Type: null or (list of string)
Default:
[ "localhost" ]
Example:
[ "localhost" "geth.example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.extraArgsAdditional arguments passed to Go Ethereum.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.gcmodeBlockchain garbage collection mode.
Type: one of "full", "archive"
Default: "full"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.http.enableWhether to enable Go Ethereum HTTP API.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.http.addressListen address of Go Ethereum HTTP API.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.http.apisAPIs to enable over WebSocket
Type: null or (list of string)
Default: null
Example:
[ "net" "eth" ]
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.http.portPort number of Go Ethereum HTTP API.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8545
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.maxpeersMaximum peers to connect to.
Type: signed integer
Default: 50
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.metrics.enableWhether to enable Go Ethereum prometheus metrics.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.metrics.addressListen address of Go Ethereum metrics service.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.metrics.portPort number of Go Ethereum metrics service.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6060
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.networkThe network to connect to. Mainnet (null) is the default ethereum network.
Type: null or one of "goerli", "rinkeby", "yolov2", "ropsten"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.portPort number Go Ethereum will be listening on, both TCP and UDP.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 30303
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.syncmodeBlockchain sync mode.
Type: one of "snap", "fast", "full", "light"
Default: "snap"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.websocket.enableWhether to enable Go Ethereum WebSocket API.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.websocket.addressListen address of Go Ethereum WebSocket API.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.websocket.apisAPIs to enable over WebSocket
Type: null or (list of string)
Default: null
Example:
[ "net" "eth" ]
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.geth.<name>.websocket.portPort number of Go Ethereum WebSocket API.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8546
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/geth.nix>
|
services.getty.autologinUserUsername of the account that will be automatically logged in at the console. If unspecified, a login prompt is shown as usual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/ttys/getty.nix>
|
services.getty.extraArgsAdditional arguments passed to agetty.
Type: list of string
Default: [ ]
Example:
[ "--nohostname" ]
Declared by:
<nixpkgs/nixos/modules/services/ttys/getty.nix>
|
services.getty.greetingLineWelcome line printed by agetty. The default shows current NixOS version label, machine type and tty.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/ttys/getty.nix>
|
services.getty.helpLineHelp line printed by agetty below the welcome line. Used by the installation CD to give some hints on how to proceed.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/ttys/getty.nix>
|
services.getty.loginOptionsTemplate for arguments to be passed to login(1).
See agetty(1) for details,
including security considerations. If unspecified, agetty
will not be invoked with a --login-options
option.
Type: null or string
Default: null
Example: "-h darkstar -- \\u"
Declared by:
<nixpkgs/nixos/modules/services/ttys/getty.nix>
|
services.getty.loginProgramPath to the login binary executed by agetty.
Type: path
Default: "${pkgs.shadow}/bin/login"
Declared by:
<nixpkgs/nixos/modules/services/ttys/getty.nix>
|
services.ghostunnel.enableWhether to enable ghostunnel.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
|
services.ghostunnel.packageThe ghostunnel package to use.
Type: package
Default: pkgs.ghostunnel
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
|
services.ghostunnel.serversServer mode ghostunnels (TLS listener -> plain TCP/UNIX target)
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
|
services.ghostunnel.servers.<name>.allowAllIf true, allow all clients, do not check client cert subject.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
|
services.ghostunnel.servers.<name>.allowCNAllow client if common name appears in the list.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
|
services.ghostunnel.servers.<name>.allowDNSAllow client if DNS subject alternative name appears in the list.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
|
services.ghostunnel.servers.<name>.allowOUAllow client if organizational unit name appears in the list.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
|
services.ghostunnel.servers.<name>.allowURIAllow client if URI subject alternative name appears in the list.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
|
services.ghostunnel.servers.<name>.cacertPath to CA bundle file (PEM/X509). Uses system trust store if null.
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
|
services.ghostunnel.servers.<name>.certPath to certificate (PEM with certificate chain).
Not required if keystore is set.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
|
services.ghostunnel.servers.<name>.disableAuthenticationDisable client authentication, no client certificate will be required.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
|
services.ghostunnel.servers.<name>.extraArgumentsExtra arguments to pass to ghostunnel server
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
|
services.ghostunnel.servers.<name>.keyPath to certificate private key (PEM with private key).
Not required if keystore is set.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
|
services.ghostunnel.servers.<name>.keystorePath to keystore (combined PEM with cert/key, or PKCS12 keystore).
NB: storepass is not supported because it would expose credentials via /proc/*/cmdline.
Specify this or cert and key.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
|
services.ghostunnel.servers.<name>.listenAddress and port to listen on (can be HOST:PORT, unix:PATH).
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
|
services.ghostunnel.servers.<name>.targetAddress to forward connections to (can be HOST:PORT or unix:PATH).
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
|
services.ghostunnel.servers.<name>.unsafeTargetIf set, does not limit target to localhost, 127.0.0.1, [::1], or UNIX sockets.
This is meant to protect against accidental unencrypted traffic on untrusted networks.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ghostunnel.nix>
|
services.gitDaemon.enableEnable Git daemon, which allows public hosting of git repositories without any access controls. This is mostly intended for read-only access.
You can allow write access by setting daemon.receivepack configuration item of the repository to true. This is solely meant for a closed LAN setting where everybody is friendly.
If you need any access controls, use something else.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.basePathRemap all the path requests as relative to the given path. For example, if you set base-path to /srv/git, then if you later try to pull git://example.com/hello.git, Git daemon will interpret the path as /srv/git/hello.git.
Type: string
Default: ""
Example: "/srv/git/"
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.exportAllPublish all directories that look like Git repositories (have the objects and refs subdirectories), even if they do not have the git-daemon-export-ok file.
If disabled, you need to touch .git/git-daemon-export-ok in each repository you want the daemon to publish.
Warning: enabling this without a repository whitelist or basePath publishes every git repository you have.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.groupGroup under which Git daemon would be running.
Type: string
Default: "git"
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.listenAddressListen on a specific IP address or hostname.
Type: string
Default: ""
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.optionsExtra configuration options to be passed to Git daemon.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9418
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.repositoriesA whitelist of paths of git repositories, or directories containing repositories all of which would be published. Paths must not end in "/".
Warning: leaving this empty and enabling exportAll publishes all repositories in your filesystem or basePath if specified.
Type: list of string
Default: [ ]
Example:
[ "/srv/git" "/home/user/git/repo2" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitDaemon.userUser under which Git daemon would be running.
Type: string
Default: "git"
Declared by:
<nixpkgs/nixos/modules/services/networking/git-daemon.nix>
|
services.gitea.enableEnable Gitea Service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.enableUnixSocketConfigure Gitea to listen on a unix socket instead of the default TCP port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.packagegitea derivation to use
Type: package
Default: pkgs.gitea
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.appNameApplication name.
Type: string
Default: "gitea: Gitea Service"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.createDatabaseWhether to create a local database automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.hostDatabase host address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.nameDatabase name.
Type: string
Default: "gitea"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.passwordThe password corresponding to database.user.
Warning: this is stored in cleartext in the Nix store!
Use database.passwordFile instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.passwordFileA file containing the password corresponding to
database.user.
Type: null or path
Default: null
Example: "/run/keys/gitea-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.pathPath to the sqlite3 database file.
Type: string
Default: "${config.services.gitea.stateDir}/data/gitea.db"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.portDatabase host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
if config.services.gitea.database.type != "postgresql" then 3306 else config.services.postgresql.port
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.socketPath to the unix socket file to use for authentication.
Type: null or path
Default: null
Example: "/run/mysqld/mysqld.sock"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.typeDatabase engine to use.
Type: one of "sqlite3", "mysql", "postgres"
Default: "sqlite3"
Example: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.database.userDatabase user.
Type: string
Default: "gitea"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.domainDomain name of your server.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.dump.enableEnable a timer that runs gitea dump to generate backup-files of the current gitea database and repositories.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.dump.backupDirPath to the dump files.
Type: string
Default: "${config.services.gitea.stateDir}/dump"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.dump.fileFilename to be used for the dump. If null a default name is chosen by gitea.
Type: null or string
Default: null
Example: "gitea-dump"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.dump.intervalRun a gitea dump at this interval. Runs by default at 04:31 every day.
The format is described in systemd.time(7).
Type: string
Default: "04:31"
Example: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.dump.typeArchive format used to store the dump file.
Type: one of "zip", "rar", "tar", "sz", "tar.gz", "tar.xz", "tar.bz2", "tar.br", "tar.lz4"
Default: "zip"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.extraConfigConfiguration lines appended to the generated gitea configuration file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.httpAddressHTTP listen address.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.httpPortHTTP listen port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.lfs.enableEnables git-lfs support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.lfs.contentDirWhere to store LFS files.
Type: string
Default: "${config.services.gitea.stateDir}/data/lfs"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.mailerPasswordFilePath to a file containing the SMTP password.
Type: null or string
Default: null
Example: "/var/lib/secrets/gitea/mailpw"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.repositoryRootPath to the git repositories.
Type: string
Default: "${config.services.gitea.stateDir}/repositories"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.rootUrlFull public URL of gitea server.
Type: string
Default: "http://localhost:3000/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.settingsGitea configuration. Refer to https://docs.gitea.io/en-us/config-cheat-sheet/ for details on supported values.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Example:
{
"cron.sync_external_users" = {
RUN_AT_START = true;
SCHEDULE = "@every 24h";
UPDATE_EXISTING = true;
};
mailer = {
ENABLED = true;
MAILER_TYPE = "sendmail";
FROM = "do-not-reply@example.org";
SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail";
};
other = {
SHOW_FOOTER_VERSION = false;
};
}
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.settings.log.LEVELGeneral log level.
Type: one of "Trace", "Debug", "Info", "Warn", "Error", "Critical"
Default: "Info"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.settings.log.ROOT_PATHRoot path for log files.
Type: string
Default: "${config.services.gitea.stateDir}/log"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.settings.server.DISABLE_SSHDisable external SSH feature.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.settings.server.SSH_PORTSSH port displayed in clone URL. The option is required to configure a service when the external visible port differs from the local listening port i.e. if port forwarding is used.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 22
Example: 2222
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.settings.service.DISABLE_REGISTRATIONBy default any user can create an account on this gitea instance.
This can be disabled by using this option.
Note: please keep in mind that this should be added after the initial
deploy unless services.gitea.useWizard
is true as the first registered user will be the administrator if
no install wizard is used.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.settings.session.COOKIE_SECUREMarks session cookies as "secure" as a hint for browsers to only send them via HTTPS. This option is recommend, if gitea is being served over HTTPS.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.stateDirgitea data directory.
Type: string
Default: "/var/lib/gitea"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.staticRootPathUpper level of template and static files path.
Type: string or path
Default: package.data
Example: "/var/lib/gitea/data"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.useWizardDo not generate a configuration and use gitea' installation wizard instead. The first registered user will be administrator.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.gitea.userUser account under which gitea runs.
Type: string
Default: "gitea"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitea.nix>
|
services.github-runner.enableWhether to enable GitHub Actions runner.
Note: GitHub recommends using self-hosted runners with private repositories only. Learn more here: About self-hosted runners.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
|
services.github-runner.packageWhich github-runner derivation to use.
Type: package
Default: pkgs.github-runner
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
|
services.github-runner.ephemeralIf enabled, causes the following behavior:
Passes the --ephemeral flag to the runner configuration script
De-registers and stops the runner with GitHub after it has processed one job
On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
Restarts the service after its successful exit
On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a
personal access token (PAT). If you're using the option with a registration token, restarting the
service will fail as soon as the registration token expired.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
|
services.github-runner.extraEnvironmentExtra environment variables to set for the runner, as an attrset.
Type: attribute set
Default: { }
Example:
{
GIT_CONFIG = "/path/to/git/config";
}Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
|
services.github-runner.extraLabelsExtra labels in addition to the default (["self-hosted", "Linux", "X64"]).
Changing this option triggers a new runner registration.
Type: list of string
Default: [ ]
Example: [ "nixos" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
|
services.github-runner.extraPackagesExtra packages to add to PATH of the service to make them available to workflows.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
|
services.github-runner.nameName of the runner to configure. Defaults to the hostname.
Changing this option triggers a new runner registration.
Type: string matching the pattern ^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$
Default: config.networking.hostName
Example: "nixos"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
|
services.github-runner.replaceReplace any existing runner with the same name.
Without this flag, registering a new runner with the same name fails.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
|
services.github-runner.runnerGroupName of the runner group to add this runner to (defaults to the default runner group).
Changing this option triggers a new runner registration.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
|
services.github-runner.serviceOverridesOverrides for the systemd service. Can be used to adjust the sandboxing options.
Type: attribute set
Default: { }
Example:
{
ProtectHome = false;
}Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
|
services.github-runner.tokenFileThe full path to a file which contains either a runner registration token or a
(fine-grained) personal access token (PAT).
The file should contain exactly one line with the token without any newline.
If a registration token is given, it can be used to re-register a runner of the same
name but is time-limited. If the file contains a PAT, the service creates a new
registration token on startup as needed. Make sure the PAT has a scope of
admin:org for organization-wide registrations or a scope of
repo for a single repository. Fine-grained PATs need read and write permission
to the "Administration" resources.
Changing this option or the file's content triggers a new runner registration.
Type: path
Example: "/run/secrets/github-runner/nixos.token"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
|
services.github-runner.urlRepository to add the runner to.
Changing this option triggers a new runner registration.
IMPORTANT: If your token is org-wide (not per repository), you need to
provide a github org link, not a single repository, so do it like this
https://github.com/nixos, not like this
https://github.com/nixos/nixpkgs.
Otherwise, you are going to get a 404 NotFound
from POST https://api.github.com/actions/runner-registration
in the configure script.
Type: string
Example: "https://github.com/nixos/nixpkgs"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
|
services.github-runner.userUser under which to run the service. If null, will use a systemd dynamic user.
Type: null or string
Default: username
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runner.nix>
|
services.github-runnersMultiple GitHub Runners.
Type: attribute set of (submodule)
Default: { }
Example:
{
runner1 = {
enable = true;
name = "runner1";
tokenFile = "/secrets/token1";
url = "https://github.com/owner/repo";
};
runner2 = {
enable = true;
name = "runner2";
tokenFile = "/secrets/token2";
url = "https://github.com/owner/repo";
};
}Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runners.nix>
|
services.github-runners.<name>.enableWhether to enable GitHub Actions runner.
Note: GitHub recommends using self-hosted runners with private repositories only. Learn more here: About self-hosted runners.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runners.nix>
|
services.github-runners.<name>.packageWhich github-runner derivation to use.
Type: package
Default: pkgs.github-runner
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runners.nix>
|
services.github-runners.<name>.ephemeralIf enabled, causes the following behavior:
Passes the --ephemeral flag to the runner configuration script
De-registers and stops the runner with GitHub after it has processed one job
On stop, systemd wipes the runtime directory (this always happens, even without using the ephemeral option)
Restarts the service after its successful exit
On start, wipes the state directory and configures a new runner
You should only enable this option if tokenFile points to a file which contains a
personal access token (PAT). If you're using the option with a registration token, restarting the
service will fail as soon as the registration token expired.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runners.nix>
|
services.github-runners.<name>.extraEnvironmentExtra environment variables to set for the runner, as an attrset.
Type: attribute set
Default: { }
Example:
{
GIT_CONFIG = "/path/to/git/config";
}Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runners.nix>
|
services.github-runners.<name>.extraLabelsExtra labels in addition to the default (["self-hosted", "Linux", "X64"]).
Changing this option triggers a new runner registration.
Type: list of string
Default: [ ]
Example: [ "nixos" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runners.nix>
|
services.github-runners.<name>.extraPackagesExtra packages to add to PATH of the service to make them available to workflows.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runners.nix>
|
services.github-runners.<name>.nameName of the runner to configure. Defaults to the hostname.
Changing this option triggers a new runner registration.
Type: null or string matching the pattern ^$|^[[:alnum:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$
Default: null
Example: "nixos"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runners.nix>
|
services.github-runners.<name>.replaceReplace any existing runner with the same name.
Without this flag, registering a new runner with the same name fails.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runners.nix>
|
services.github-runners.<name>.runnerGroupName of the runner group to add this runner to (defaults to the default runner group).
Changing this option triggers a new runner registration.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runners.nix>
|
services.github-runners.<name>.serviceOverridesOverrides for the systemd service. Can be used to adjust the sandboxing options.
Type: attribute set
Default: { }
Example:
{
ProtectHome = false;
}Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runners.nix>
|
services.github-runners.<name>.tokenFileThe full path to a file which contains either a runner registration token or a
(fine-grained) personal access token (PAT).
The file should contain exactly one line with the token without any newline.
If a registration token is given, it can be used to re-register a runner of the same
name but is time-limited. If the file contains a PAT, the service creates a new
registration token on startup as needed. Make sure the PAT has a scope of
admin:org for organization-wide registrations or a scope of
repo for a single repository. Fine-grained PATs need read and write permission
to the "Administration" resources.
Changing this option or the file's content triggers a new runner registration.
Type: path
Example: "/run/secrets/github-runner/nixos.token"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runners.nix>
|
services.github-runners.<name>.urlRepository to add the runner to.
Changing this option triggers a new runner registration.
IMPORTANT: If your token is org-wide (not per repository), you need to
provide a github org link, not a single repository, so do it like this
https://github.com/nixos, not like this
https://github.com/nixos/nixpkgs.
Otherwise, you are going to get a 404 NotFound
from POST https://api.github.com/actions/runner-registration
in the configure script.
Type: string
Example: "https://github.com/nixos/nixpkgs"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runners.nix>
|
services.github-runners.<name>.userUser under which to run the service. If null, will use a systemd dynamic user.
Type: null or string
Default: username
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/github-runners.nix>
|
services.gitlab.enableEnable the gitlab service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.packages.gitalyReference to the gitaly package
Type: package
Default: pkgs.gitaly
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.packages.gitlabReference to the gitlab package
Type: package
Default: pkgs.gitlab
Example: pkgs.gitlab-ee
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.packages.gitlab-shellReference to the gitlab-shell package
Type: package
Default: pkgs.gitlab-shell
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.packages.gitlab-workhorseReference to the gitlab-workhorse package
Type: package
Default: pkgs.gitlab-workhorse
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.packages.pagesReference to the gitlab-pages package
Type: package
Default: pkgs.gitlab-pages
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.backup.keepTimeHow long to keep the backups around, in
hours. 0 means “keep forever”.
Type: signed integer
Default: 0
Example: 48
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.backup.pathGitLab path for backups.
Type: string
Default: config.services.gitlab.statePath + "/backup"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.backup.skipDirectories to exclude from the backup. The example excludes
CI artifacts and LFS objects from the backups. The
tar option skips the creation of a tar
file.
Refer to https://docs.gitlab.com/ee/raketasks/backup_restore.html#excluding-specific-directories-from-the-backup for more information.
Type: one of "db", "uploads", "builds", "artifacts", "lfs", "registry", "pages", "repositories", "tar" or list of (one of "db", "uploads", "builds", "artifacts", "lfs", "registry", "pages", "repositories", "tar")
Default: [ ]
Example:
[ "artifacts" "lfs" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.backup.startAtThe time(s) to run automatic backup of GitLab state. Specified in systemd's time format; see systemd.time(7).
Type: string or list of string
Default: [ ]
Example: "03:00"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.backup.uploadOptionsGitLab automatic upload specification. Tells GitLab to upload the backup to a remote location when done.
Attributes specified here are added under
production -> backup -> upload in
config/gitlab.yml.
Type: attribute set
Default: { }
Example:
{
# Fog storage connection settings, see http://fog.io/storage/
connection = {
provider = "AWS";
region = "eu-north-1";
aws_access_key_id = "AKIAXXXXXXXXXXXXXXXX";
aws_secret_access_key = { _secret = config.deployment.keys.aws_access_key.path; };
};
# The remote 'directory' to store your backups in.
# For S3, this would be the bucket name.
remote_directory = "my-gitlab-backups";
# Use multipart uploads when file size reaches 100MB, see
# http://docs.aws.amazon.com/AmazonS3/latest/dev/uploadobjusingmpu.html
multipart_chunk_size = 104857600;
# Turns on AWS Server-Side Encryption with Amazon S3-Managed Keys for backups, this is optional
encryption = "AES256";
# Specifies Amazon S3 storage class to use for backups, this is optional
storage_class = "STANDARD";
};
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.databaseCreateLocallyWhether a database should be automatically created on the
local host. Set this to false if you plan
on provisioning a local database yourself. This has no effect
if services.gitlab.databaseHost is customized.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.databaseHostGitLab database hostname. An empty string means “use local unix socket connection”.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.databaseNameGitLab database name.
Type: string
Default: "gitlab"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.databasePasswordFileFile containing the GitLab database user password.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.databasePoolDatabase connection pool size.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.databaseUsernameGitLab database user.
Type: string
Default: "gitlab"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.extraConfigExtra options to be added under
production in
config/gitlab.yml, as a nix attribute
set.
Options containing secret data should be set to an attribute
set containing the attribute _secret - a
string pointing to a file containing the value the option
should be set to. See the example to get a better picture of
this: in the resulting
config/gitlab.yml file, the
production.omniauth.providers[0].args.client_options.secret
key will be set to the contents of the
/var/keys/gitlab_oidc_secret file.
Type: YAML value
Default: { }
Example:
{
gitlab = {
default_projects_features = {
builds = false;
};
};
omniauth = {
enabled = true;
auto_sign_in_with_provider = "openid_connect";
allow_single_sign_on = ["openid_connect"];
block_auto_created_users = false;
providers = [
{
name = "openid_connect";
label = "OpenID Connect";
args = {
name = "openid_connect";
scope = ["openid" "profile"];
response_type = "code";
issuer = "https://keycloak.example.com/auth/realms/My%20Realm";
discovery = true;
client_auth_method = "query";
uid_field = "preferred_username";
client_options = {
identifier = "gitlab";
secret = { _secret = "/var/keys/gitlab_oidc_secret"; };
redirect_uri = "https://git.example.com/users/auth/openid_connect/callback";
};
};
}
];
};
};
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.extraDatabaseConfigExtra configuration in config/database.yml.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.extraEnvAdditional environment variables for the GitLab environment.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.extraGitlabRbExtra configuration to be placed in config/extra-gitlab.rb. This can be used to add configuration not otherwise exposed through this module's options.
Type: string
Default: ""
Example:
''
if Rails.env.production?
Rails.application.config.action_mailer.delivery_method = :sendmail
ActionMailer::Base.delivery_method = :sendmail
ActionMailer::Base.sendmail_settings = {
location: "/run/wrappers/bin/sendmail",
arguments: "-i -t"
}
end
''Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.extraShellConfigExtra configuration to merge into shell-config.yml
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.groupGroup to run gitlab and all related services.
Type: string
Default: "gitlab"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.hostGitLab host name. Used e.g. for copy-paste URLs.
Type: string
Default: config.networking.hostName
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.httpsWhether gitlab prints URLs with https as scheme.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.initialRootEmailInitial email address of the root account if this is a new install.
Type: string
Default: "admin@local.host"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.initialRootPasswordFileFile containing the initial password of the root account if this is a new install.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.logrotate.enableEnable rotation of log files.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.logrotate.frequencyHow often to rotate the logs.
Type: string
Default: "daily"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.logrotate.keepHow many rotations to keep.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.pagesExtraArgsArguments to pass to the gitlab-pages daemon
Type: list of string
Default:
[ "-listen-proxy" "127.0.0.1:8090" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.portGitLab server port for copy-paste URLs, e.g. 80 or 443 if you're service over https.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.puma.threadsMaxThe maximum number of threads Puma should use per worker. This limits how many threads Puma will automatically spawn in response to requests. In contrast to workers, threads will never be able to run Ruby code in parallel, but give higher IO parallelism.
Each thread consumes memory and contributes to Global VM Lock contention, so be careful when increasing this.
Type: signed integer
Default: 4
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.puma.threadsMinThe minimum number of threads Puma should use per worker.
Each thread consumes memory and contributes to Global VM Lock contention, so be careful when increasing this.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.puma.workersThe number of worker processes Puma should spawn. This
controls the amount of parallel Ruby code can be
executed. GitLab recommends Number of CPU cores - 1, but at least two.
Each worker consumes quite a bit of memory, so be careful when increasing this.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.redisUrlRedis URL for all GitLab services.
Type: string
Default: "unix:/run/gitlab/redis.sock"
Example: "redis://localhost:6379/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.registry.enableEnable GitLab container registry.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.registry.certFilePath to GitLab container registry certificate.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.registry.defaultForProjectsIf GitLab container registry should be enabled by default for projects.
Type: boolean
Default: config.services.gitlab.registry.enable
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.registry.externalAddressExternal address used to access registry from the internet
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.registry.externalPortExternal port used to access registry from the internet
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.registry.hostGitLab container registry host name.
Type: string
Default: config.services.gitlab.host
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.registry.issuerGitLab container registry issuer.
Type: string
Default: "gitlab-issuer"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.registry.keyFilePath to GitLab container registry certificate-key.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.registry.portGitLab container registry port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4567
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.registry.serviceNameGitLab container registry service name.
Type: string
Default: "container_registry"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.secrets.dbFileA file containing the secret used to encrypt variables in the DB. If you change or lose this key you will be unable to access variables stored in database.
Make sure the secret is at least 32 characters and all random, no regular words or you'll be exposed to dictionary attacks.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.secrets.jwsFileA file containing the secret used to encrypt session keys. If you change or lose this key, users will be disconnected.
Make sure the secret is an RSA private key in PEM format. You can generate one with
openssl genrsa 2048
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.secrets.otpFileA file containing the secret used to encrypt secrets for OTP tokens. If you change or lose this key, users which have 2FA enabled for login won't be able to login anymore.
Make sure the secret is at least 32 characters and all random, no regular words or you'll be exposed to dictionary attacks.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.secrets.secretFileA file containing the secret used to encrypt variables in the DB. If you change or lose this key you will be unable to access variables stored in database.
Make sure the secret is at least 32 characters and all random, no regular words or you'll be exposed to dictionary attacks.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.sidekiq.memoryKiller.enableWhether the Sidekiq MemoryKiller should be turned on. MemoryKiller kills Sidekiq when its memory consumption exceeds a certain limit.
See https://docs.gitlab.com/ee/administration/operations/sidekiq_memory_killer.html for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.sidekiq.memoryKiller.graceTimeThe time MemoryKiller waits after noticing excessive memory consumption before killing Sidekiq.
Type: signed integer
Default: 900
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.sidekiq.memoryKiller.maxMemoryThe maximum amount of memory, in MiB, a Sidekiq worker is allowed to consume before being killed.
Type: signed integer
Default: 2000
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.sidekiq.memoryKiller.shutdownWaitThe time allowed for all jobs to finish before Sidekiq is killed forcefully.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.enableEnable gitlab mail delivery over SMTP.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.enableStartTLSAutoWhether to try to use StartTLS.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.addressAddress of the SMTP server for GitLab.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.authenticationAuthentication type to use, see http://api.rubyonrails.org/classes/ActionMailer/Base.html
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.domainHELO domain to use for outgoing mail.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.opensslVerifyModeHow OpenSSL checks the certificate, see http://api.rubyonrails.org/classes/ActionMailer/Base.html
Type: string
Default: "peer"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.passwordFileFile containing the password of the SMTP server for GitLab.
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.portPort of the SMTP server for GitLab.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 25
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.tlsWhether to use TLS wrapper-mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.smtp.usernameUsername of the SMTP server for GitLab.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.statePathGitLab state directory. Configuration, repositories and logs, among other things, are stored here.
The directory will be created automatically if it doesn't
exist already. Its parent directories must be owned by
either root or the user set in
services.gitlab.user.
Type: string
Default: "/var/gitlab/state"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.userUser to run gitlab and all related services.
Type: string
Default: "gitlab"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab.workhorse.configConfiguration options to add to Workhorse's configuration file.
See https://gitlab.com/gitlab-org/gitlab/-/blob/master/workhorse/config.toml.example and https://docs.gitlab.com/ee/development/workhorse/configuration.html for examples and option documentation.
Options containing secret data should be set to an attribute
set containing the attribute _secret - a string pointing
to a file containing the value the option should be set
to. See the example to get a better picture of this: in the
resulting configuration file, the
object_storage.s3.aws_secret_access_key key will be set to
the contents of the /var/keys/aws_secret_access_key
file.
Type: TOML value
Default: { }
Example:
{
object_storage.provider = "AWS";
object_storage.s3 = {
aws_access_key_id = "AKIAXXXXXXXXXXXXXXXX";
aws_secret_access_key = { _secret = "/var/keys/aws_secret_access_key"; };
};
};
Declared by:
<nixpkgs/nixos/modules/services/misc/gitlab.nix>
|
services.gitlab-runner.enableWhether to enable Gitlab Runner.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.packageGitlab Runner package to use.
Type: package
Default: pkgs.gitlab-runner
Example: pkgs.gitlab-runner_1_11
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.clear-docker-cache.enableWhether to periodically prune gitlab runner's Docker resources. If
enabled, a systemd timer will run clear-docker-cache as
specified by the dates option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.clear-docker-cache.packageDocker package to use for clearing up docker cache.
Type: unspecified value
Default: config.virtualisation.docker.package
Example: pkgs.docker
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.clear-docker-cache.datesSpecification (in the format described by systemd.time(7)) of the time at which the prune will occur.
Type: string
Default: "weekly"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.clear-docker-cache.flagsAny additional flags passed to clear-docker-cache.
Type: list of string
Default: [ ]
Example:
[ "prune" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.configFileConfiguration file for gitlab-runner.
configFile takes precedence over services.
checkInterval and concurrent will be ignored too.
This option is deprecated, please use services instead.
You can use registrationConfigFile and
registrationFlags
for settings not covered by this module.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.extraPackagesExtra packages to add to PATH for the gitlab-runner process.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.gracefulTerminationFinish all remaining jobs before stopping. If not set gitlab-runner will stop immediately without waiting for jobs to finish, which will lead to failed builds.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.gracefulTimeoutTime to wait until a graceful shutdown is turned into a forceful one.
Type: string
Default: "infinity"
Example: "5min 20s"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.servicesGitLab Runner services.
Type: attribute set of (submodule)
Default: { }
Example:
{
# runner for building in docker via host's nix-daemon
# nix store will be readable in runner, might be insecure
nix = {
# File should contain at least these two variables:
# `CI_SERVER_URL`
# `REGISTRATION_TOKEN`
registrationConfigFile = "/run/secrets/gitlab-runner-registration";
dockerImage = "alpine";
dockerVolumes = [
"/nix/store:/nix/store:ro"
"/nix/var/nix/db:/nix/var/nix/db:ro"
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
];
dockerDisableCache = true;
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
mkdir -p -m 0755 /nix/var/nix/profiles
mkdir -p -m 0755 /nix/var/nix/temproots
mkdir -p -m 0755 /nix/var/nix/userpool
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix.sh
${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
${pkgs.nix}/bin/nix-channel --update nixpkgs
'';
environmentVariables = {
ENV = "/etc/profile";
USER = "root";
NIX_REMOTE = "daemon";
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
};
tagList = [ "nix" ];
};
# runner for building docker images
docker-images = {
# File should contain at least these two variables:
# `CI_SERVER_URL`
# `REGISTRATION_TOKEN`
registrationConfigFile = "/run/secrets/gitlab-runner-registration";
dockerImage = "docker:stable";
dockerVolumes = [
"/var/run/docker.sock:/var/run/docker.sock"
];
tagList = [ "docker-images" ];
};
# runner for executing stuff on host system (very insecure!)
# make sure to add required packages (including git!)
# to `environment.systemPackages`
shell = {
# File should contain at least these two variables:
# `CI_SERVER_URL`
# `REGISTRATION_TOKEN`
registrationConfigFile = "/run/secrets/gitlab-runner-registration";
executor = "shell";
tagList = [ "shell" ];
};
# runner for everything else
default = {
# File should contain at least these two variables:
# `CI_SERVER_URL`
# `REGISTRATION_TOKEN`
registrationConfigFile = "/run/secrets/gitlab-runner-registration";
dockerImage = "debian:stable";
};
}
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.buildsDirAbsolute path to a directory where builds will be stored in context of selected executor (Locally, Docker, SSH).
Type: null or path
Default: null
Example: "/var/lib/gitlab-runner/builds"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.cloneUrlOverwrite the URL for the GitLab instance. Used if the Runner can’t connect to GitLab on the URL GitLab exposes itself.
Type: null or string
Default: null
Example: "http://gitlab.example.local"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.debugTraceDisabledWhen set to true Runner will disable the possibility of
using the CI_DEBUG_TRACE feature.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.descriptionName/description of the runner.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.dockerAllowedImagesWhitelist allowed images.
Type: list of string
Default: [ ]
Example:
[ "ruby:*" "python:*" "php:*" "my.registry.tld:5000/*:*" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.dockerAllowedServicesWhitelist allowed services.
Type: list of string
Default: [ ]
Example:
[ "postgres:9" "redis:*" "mysql:*" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.dockerDisableCacheDisable all container caching.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.dockerExtraHostsAdd a custom host-to-IP mapping.
Type: list of string
Default: [ ]
Example:
[ "other-host:127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.dockerImageDocker image to be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.dockerPrivilegedGive extended privileges to container.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.dockerVolumesBind-mount a volume and create it if it doesn't exist prior to mounting.
Type: list of string
Default: [ ]
Example:
[ "/var/run/docker.sock:/var/run/docker.sock" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.environmentVariablesCustom environment variables injected to build environment.
For secrets you can use registrationConfigFile
with RUNNER_ENV variable set.
Type: attribute set of string
Default: { }
Example:
{
NAME = "value";
}Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.executorSelect executor, eg. shell, docker, etc. See runner documentation for more information.
Type: string
Default: "docker"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.limitLimit how many jobs can be handled concurrently by this service. 0 (default) simply means don't limit.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.maximumTimeoutWhat is the maximum timeout (in seconds) that will be set for job when using this Runner. 0 (default) simply means don't limit.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.postBuildScriptRunner-specific command script executed after code is pulled and just after build executes.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.preBuildScriptRunner-specific command script executed after code is pulled, just before build executes.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.preCloneScriptRunner-specific command script executed before code is pulled.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.protectedWhen set to true Runner will only run on pipelines triggered on protected branches.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.registrationConfigFileAbsolute path to a file with environment variables
used for gitlab-runner registration.
A list of all supported environment variables can be found in
gitlab-runner register --help.
Ones that you probably want to set is
CI_SERVER_URL=<CI server URL>
REGISTRATION_TOKEN=<registration secret>
WARNING: make sure to use quoted absolute path, or it is going to be copied to Nix Store.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.registrationFlagsExtra command-line flags passed to
gitlab-runner register.
Execute gitlab-runner register --help
for a list of supported flags.
Type: list of string
Default: [ ]
Example:
[ "--docker-helper-image my/gitlab-runner-helper" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.requestConcurrencyLimit number of concurrent requests for new jobs from GitLab.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.runUntaggedRegister to run untagged builds; defaults to
true when tagList is empty.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.services.<name>.tagListTag list.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitlab-runner.settingsGlobal gitlab-runner configuration. See https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section for supported values.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gitlab-runner.nix>
|
services.gitolite.enableEnable gitolite management under the
gitolite user. After
switching to a configuration with Gitolite enabled, you can
then run git clone gitolite@host:gitolite-admin.git to manage it further.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
|
services.gitolite.enableGitAnnexEnable git-annex support. Uses the extraGitoliteRc option
to apply the necessary configuration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
|
services.gitolite.adminPubkeyInitial administrative public key for Gitolite. This should be an SSH Public Key. Note that this key will only be used once, upon the first initialization of the Gitolite user. The key string cannot have any line breaks in it.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
|
services.gitolite.commonHooksA list of custom git hooks that get copied to ~/.gitolite/hooks/common.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
|
services.gitolite.dataDirThe gitolite home directory used to store all repositories. If left as the default value this directory will automatically be created before the gitolite server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: string
Default: "/var/lib/gitolite"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
|
services.gitolite.descriptionGitolite user account's description.
Type: string
Default: "Gitolite user"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
|
services.gitolite.extraGitoliteRcExtra configuration to append to the default ~/.gitolite.rc.
This should be Perl code that modifies the %RC
configuration variable. The default ~/.gitolite.rc
content is generated by invoking gitolite print-default-rc,
and extra configuration from this option is appended to it. The result
is placed to Nix store, and the ~/.gitolite.rc file
becomes a symlink to it.
If you already have a customized (or otherwise changed)
~/.gitolite.rc file, NixOS will refuse to replace
it with a symlink, and the gitolite-init initialization service
will fail. In this situation, in order to use this option, you
will need to take any customizations you may have in
~/.gitolite.rc, convert them to appropriate Perl
statements, add them to this option, and remove the file.
See also the enableGitAnnex option.
Type: strings concatenated with "\n"
Default: ""
Example:
''
$RC{UMASK} = 0027;
$RC{SITE_INFO} = 'This is our private repository host';
push( @{$RC{ENABLE}}, 'Kindergarten' ); # enable the command/feature
@{$RC{ENABLE}} = grep { $_ ne 'desc' } @{$RC{ENABLE}}; # disable the command/feature
''
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
|
services.gitolite.groupPrimary group of the Gitolite user account.
Type: string
Default: "gitolite"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
|
services.gitolite.userGitolite user account. This is the username of the gitolite endpoint.
Type: string
Default: "gitolite"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitolite.nix>
|
services.gitweb.extraConfigVerbatim configuration text appended to the generated gitweb.conf file.
Type: strings concatenated with "\n"
Default: ""
Example:
''
$feature{'highlight'}{'default'} = [1];
$feature{'ctags'}{'default'} = [1];
$feature{'avatar'}{'default'} = ['gravatar'];
''Declared by:
<nixpkgs/nixos/modules/services/misc/gitweb.nix>
|
services.gitweb.gitwebThemeUse an alternative theme for gitweb, strongly inspired by GitHub.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gitweb.nix>
|
services.gitweb.projectrootPath to git projects (bare repositories) that should be served by gitweb. Must not end with a slash.
Type: path
Default: "/srv/git"
Declared by:
<nixpkgs/nixos/modules/services/misc/gitweb.nix>
|
services.globalprotect.enableWhether to enable globalprotect.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/globalprotect-vpn.nix>
|
services.globalprotect.csdWrapperA script that will produce a Host Integrity Protection (HIP) report, as described at https://www.infradead.org/openconnect/hip.html
Type: null or path
Default: null
Example: "${pkgs.openconnect}/libexec/openconnect/hipreport.sh"
Declared by:
<nixpkgs/nixos/modules/services/networking/globalprotect-vpn.nix>
|
services.globalprotect.settingsGlobalProtect-openconnect configuration. For more information, visit https://github.com/yuezk/GlobalProtect-openconnect/wiki/Configuration.
Type: attribute set
Default: { }
Example:
{
"vpn1.company.com" = {
openconnect-args = "--script=/path/to/vpnc-script";
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/globalprotect-vpn.nix>
|
services.glusterfs.enableWhether to enable GlusterFS Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.enableGlustereventsdWhether to enable the GlusterFS Events Daemon
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.extraFlagsExtra flags passed to the GlusterFS daemon
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.killModeThe systemd KillMode to use for glusterd.
glusterd spawns other daemons like gsyncd. If you want these to stop when glusterd is stopped (e.g. to ensure that NixOS config changes are reflected even for these sub-daemons), set this to 'control-group'. If however you want running volume processes (glusterfsd) and thus gluster mounts not be interrupted when glusterd is restarted (for example, when you want to restart them manually at a later time), set this to 'process'.
Type: one of "control-group", "process", "mixed", "none"
Default: "control-group"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.logLevelLog level used by the GlusterFS daemon
Type: one of "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL", "TRACE", "NONE"
Default: "INFO"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.stopKillTimeoutThe systemd TimeoutStopSec to use.
After this time after having been asked to shut down, glusterd (and depending on the killMode setting also its child processes) are killed by systemd.
The default is set low because GlusterFS (as of 3.10) is known to not tell its children (like gsyncd) to terminate at all.
Type: string
Default: "5s"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.tlsSettingsMake the server communicate via TLS. This means it will only connect to other gluster servers having certificates signed by the same CA.
Enabling this will create a file /var/lib/glusterd/secure-access.
Disabling will delete this file again.
See also: https://gluster.readthedocs.io/en/latest/Administrator%20Guide/SSL/
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.tlsSettings.caCertPath certificate authority used to sign the cluster certificates.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.tlsSettings.tlsKeyPathPath to the private key used for TLS.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.tlsSettings.tlsPemPath to the certificate used for TLS.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.glusterfs.useRpcbindEnable use of rpcbind. This is required for Gluster's NFS functionality.
You may want to turn it off to reduce the attack surface for DDoS reflection attacks.
See https://davelozier.com/glusterfs-and-rpcbind-portmap-ddos-reflection-attacks/ and https://bugzilla.redhat.com/show_bug.cgi?id=1426842 for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/glusterfs.nix>
|
services.gnome.at-spi2-core.enableWhether to enable at-spi2-core, a service for the Assistive Technologies available on the GNOME platform.
Enable this if you get the error or warning
The name org.a11y.Bus was not provided by any .service files.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/at-spi2-core.nix>
|
services.gnome.core-developer-tools.enableWhether to enable GNOME core developer tools.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
services.gnome.core-os-services.enableWhether to enable essential services for GNOME3.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
services.gnome.core-shell.enableWhether to enable GNOME Shell services.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
services.gnome.core-utilities.enableWhether to enable GNOME core utilities.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
services.gnome.evolution-data-server.enableWhether to enable Evolution Data Server, a collection of services for storing addressbooks and calendars..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix>
|
services.gnome.evolution-data-server.pluginsPlugins for Evolution Data Server.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/evolution-data-server.nix>
|
services.gnome.games.enableWhether to enable GNOME games.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
services.gnome.glib-networking.enableWhether to enable network extensions for GLib.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/glib-networking.nix>
|
services.gnome.gnome-browser-connector.enableWhether to enable Native host connector for the GNOME Shell browser extension, a DBus service allowing to install GNOME Shell extensions from a web browser. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/gnome-browser-connector.nix>
|
services.gnome.gnome-initial-setup.enableWhether to enable GNOME Initial Setup, a Simple, easy, and safe way to prepare a new system.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/gnome-initial-setup.nix>
|
services.gnome.gnome-keyring.enableWhether to enable GNOME Keyring daemon, a service designed to take care of the user's security credentials, such as user names and passwords.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/gnome-keyring.nix>
|
services.gnome.gnome-online-accounts.enableWhether to enable GNOME Online Accounts daemon, a service that provides a single sign-on framework for the GNOME desktop.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/gnome-online-accounts.nix>
|
services.gnome.gnome-online-miners.enableWhether to enable GNOME Online Miners, a service that crawls through your online content.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/gnome-online-miners.nix>
|
services.gnome.gnome-remote-desktop.enableWhether to enable Remote Desktop support using Pipewire.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/gnome-remote-desktop.nix>
|
services.gnome.gnome-settings-daemon.enableWhether to enable GNOME Settings Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/gnome-settings-daemon.nix>
|
services.gnome.gnome-user-share.enableWhether to enable GNOME User Share, a user-level file sharing service for GNOME.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/gnome-user-share.nix>
|
services.gnome.rygel.enableWhether to enable Rygel UPnP Mediaserver.
You will need to also allow UPnP connections in firewall, see the following comment.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/rygel.nix>
|
services.gnome.sushi.enableWhether to enable Sushi, a quick previewer for nautilus.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/sushi.nix>
|
services.gnome.tracker.enableWhether to enable Tracker services, a search engine, search tool and metadata storage system.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/tracker.nix>
|
services.gnome.tracker-miners.enableWhether to enable Tracker miners, indexing services for Tracker search engine and metadata storage system.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gnome/tracker-miners.nix>
|
services.gnunet.enableWhether to run the GNUnet daemon. GNUnet is GNU's anonymous peer-to-peer communication and file sharing framework.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.packageOverridable attribute of the gnunet package to use.
Type: package
Default: pkgs.gnunet
Example: pkgs.gnunet_git
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.extraOptionsAdditional options that will be copied verbatim in gnunet.conf'. Seegnunet.conf(5)' for details.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.fileSharing.quotaMaximum file system usage (in MiB) for file sharing.
Type: signed integer
Default: 1024
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.load.hardNetUpBandwidthHard bandwidth limit (in bits per second) when uploading data.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.load.maxNetDownBandwidthMaximum bandwidth usage (in bits per second) for GNUnet when downloading data.
Type: signed integer
Default: 50000
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.load.maxNetUpBandwidthMaximum bandwidth usage (in bits per second) for GNUnet when downloading data.
Type: signed integer
Default: 50000
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.tcp.portThe TCP port for use by GNUnet.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2086
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.gnunet.udp.portThe UDP port for use by GNUnet.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2086
Declared by:
<nixpkgs/nixos/modules/services/networking/gnunet.nix>
|
services.go-autoconfig.enableWhether to enable IMAP/SMTP autodiscover feature for mail clients.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/go-autoconfig.nix>
|
services.go-autoconfig.settingsConfiguration for go-autoconfig. See https://github.com/L11R/go-autoconfig/blob/master/config.yml for more information.
Type: YAML value
Default: { }
Example:
{
service_addr = ":1323";
domain = "autoconfig.example.org";
imap = {
server = "example.org";
port = 993;
};
smtp = {
server = "example.org";
port = 465;
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/go-autoconfig.nix>
|
services.go-neb.enableWhether to enable Extensible matrix bot written in Go.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/go-neb.nix>
|
services.go-neb.baseUrlPublic-facing endpoint that can receive webhooks.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/go-neb.nix>
|
services.go-neb.bindAddressPort (and optionally address) to listen on.
Type: string
Default: ":4050"
Declared by:
<nixpkgs/nixos/modules/services/networking/go-neb.nix>
|
services.go-neb.configYour config.yaml as a Nix attribute set.
See config.sample.yaml
for possible options.
Type: YAML value
Declared by:
<nixpkgs/nixos/modules/services/networking/go-neb.nix>
|
services.go-neb.secretFileEnvironment variables from this file will be interpolated into the
final config file using envsubst with this syntax: $ENVIRONMENT
or ${VARIABLE}.
The file should contain lines formatted as SECRET_VAR=SECRET_VALUE.
This is useful to avoid putting secrets into the nix store.
Type: null or path
Default: null
Example: "/run/keys/go-neb.env"
Declared by:
<nixpkgs/nixos/modules/services/networking/go-neb.nix>
|
services.go-shadowsocks2.server.enableWhether to enable go-shadowsocks2 server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/go-shadowsocks2.nix>
|
services.go-shadowsocks2.server.listenAddressServer listen address or URL
Type: string
Example: "ss://AEAD_CHACHA20_POLY1305:your-password@:8488"
Declared by:
<nixpkgs/nixos/modules/services/networking/go-shadowsocks2.nix>
|
services.gobgpd.enableWhether to enable GoBGP Routing Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/gobgpd.nix>
|
services.gobgpd.settingsGoBGP configuration. Refer to https://github.com/osrg/gobgp#documentation for details on supported values.
Type: TOML value
Default: { }
Example:
{
global = {
config = {
as = 64512;
router-id = "192.168.255.1";
};
};
neighbors = [
{
config = {
neighbor-address = "10.0.255.1";
peer-as = 65001;
};
}
{
config = {
neighbor-address = "10.0.255.2";
peer-as = 65002;
};
}
];
}
Declared by:
<nixpkgs/nixos/modules/services/networking/gobgpd.nix>
|
services.gocd-agent.enableWhether to enable gocd-agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.packagesPackages to add to PATH for the Go.CD agent process.
Type: list of package
Default: [ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.agentConfigAgent registration configuration.
Type: string
Default: ""
Example:
'' agent.auto.register.resources=ant,java agent.auto.register.environments=QA,Performance agent.auto.register.hostname=Agent01 ''
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.environmentAdditional environment variables to be passed to the Go.CD agent process.
As a base environment, Go.CD agent receives NIX_PATH from
environment.sessionVariables, NIX_REMOTE is set to
"daemon".
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.extraGroupsList of extra groups that the "gocd-agent" user should be a part of.
Type: list of string
Default: [ ]
Example:
[ "wheel" "docker" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.extraOptionsSpecifies additional command line arguments to pass to Go.CD agent java process. Example contains debug and gcLog arguments.
Type: list of string
Default: [ ]
Example:
[ "-X debug" "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5006" "-verbose:gc" "-Xloggc:go-agent-gc.log" "-XX:+PrintGCTimeStamps" "-XX:+PrintTenuringDistribution" "-XX:+PrintGCDetails" "-XX:+PrintGC" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.goServerURL of the GoCD Server to attach the Go.CD Agent to.
Type: string
Default: "https://127.0.0.1:8154/go"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.groupIf the default user "gocd-agent" is configured then this is the primary group of that user.
Type: string
Default: "gocd-agent"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.initialJavaHeapSizeSpecifies the initial java heap memory size for the Go.CD agent java process.
Type: string
Default: "128m"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.maxJavaHeapMemorySpecifies the java maximum heap memory size for the Go.CD agent java process.
Type: string
Default: "256m"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.startupOptionsSpecifies startup command line arguments to pass to Go.CD agent java process.
Type: list of string
Default:
[
"-Xms${config.services.gocd-agent.initialJavaHeapSize}"
"-Xmx${config.services.gocd-agent.maxJavaHeapMemory}"
"-Djava.io.tmpdir=/tmp"
"-Dcruise.console.publish.interval=10"
"-Djava.security.egd=file:/dev/./urandom"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.userUser the Go.CD agent should execute under.
Type: string
Default: "gocd-agent"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-agent.workDirSpecifies the working directory in which the Go.CD agent java archive resides.
Type: string
Default: "/var/lib/go-agent"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-agent/default.nix>
|
services.gocd-server.enableWhether to enable gocd-server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.packagesPackages to add to PATH for the Go.CD server's process.
Type: list of package
Default: [ pkgs.stdenv pkgs.jre pkgs.git config.programs.ssh.package pkgs.nix ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.environmentAdditional environment variables to be passed to the gocd-server process.
As a base environment, gocd-server receives NIX_PATH from
environment.sessionVariables, NIX_REMOTE is set to
"daemon".
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.extraGroupsList of extra groups that the "gocd-server" user should be a part of.
Type: list of string
Default: [ ]
Example:
[ "wheel" "docker" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.extraOptionsSpecifies additional command line arguments to pass to Go.CD server's java process. Example contains debug and gcLog arguments.
Type: list of string
Default: [ ]
Example:
[ "-X debug" "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005" "-verbose:gc" "-Xloggc:go-server-gc.log" "-XX:+PrintGCTimeStamps" "-XX:+PrintTenuringDistribution" "-XX:+PrintGCDetails" "-XX:+PrintGC" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.groupIf the default user "gocd-server" is configured then this is the primary group of that user.
Type: string
Default: "gocd-server"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.initialJavaHeapSizeSpecifies the initial java heap memory size for the Go.CD server's java process.
Type: string
Default: "512m"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.listenAddressSpecifies the bind address on which the Go.CD server HTTP interface listens.
Type: string
Default: "0.0.0.0"
Example: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.maxJavaHeapMemorySpecifies the java maximum heap memory size for the Go.CD server's java process.
Type: string
Default: "1024m"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.portSpecifies port number on which the Go.CD server HTTP interface listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8153
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.sslPortSpecifies port number on which the Go.CD server HTTPS interface listens.
Type: signed integer
Default: 8154
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.startupOptionsSpecifies startup command line arguments to pass to Go.CD server java process.
Type: list of string
Default:
[
"-Xms${config.services.gocd-server.initialJavaHeapSize}"
"-Xmx${config.services.gocd-server.maxJavaHeapMemory}"
"-Dcruise.listen.host=${config.services.gocd-server.listenAddress}"
"-Duser.language=en"
"-Djruby.rack.request.size.threshold.bytes=30000000"
"-Duser.country=US"
"-Dcruise.config.dir=${config.services.gocd-server.workDir}/conf"
"-Dcruise.config.file=${config.services.gocd-server.workDir}/conf/cruise-config.xml"
"-Dcruise.server.port=${toString config.services.gocd-server.port}"
"-Dcruise.server.ssl.port=${toString config.services.gocd-server.sslPort}"
"--add-opens=java.base/java.lang=ALL-UNNAMED"
"--add-opens=java.base/java.util=ALL-UNNAMED"
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.userUser the Go.CD server should execute under.
Type: string
Default: "gocd-server"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gocd-server.workDirSpecifies the working directory in which the Go.CD server java archive resides.
Type: string
Default: "/var/lib/go-server"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/gocd-server/default.nix>
|
services.gogs.enableEnable Go Git Service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.appNameApplication name.
Type: string
Default: "Gogs: Go Git Service"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.cookieSecureMarks session cookies as "secure" as a hint for browsers to only send them via HTTPS. This option is recommend, if Gogs is being served over HTTPS.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.database.hostDatabase host address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.database.nameDatabase name.
Type: string
Default: "gogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.database.passwordThe password corresponding to database.user.
Warning: this is stored in cleartext in the Nix store!
Use database.passwordFile instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.database.passwordFileA file containing the password corresponding to
database.user.
Type: null or path
Default: null
Example: "/run/keys/gogs-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.database.pathPath to the sqlite3 database file.
Type: string
Default: "${config.services.gogs.stateDir}/data/gogs.db"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.database.portDatabase host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.database.typeDatabase engine to use.
Type: one of "sqlite3", "mysql", "postgres"
Default: "sqlite3"
Example: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.database.userDatabase user.
Type: string
Default: "gogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.domainDomain name of your server.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.extraConfigConfiguration lines appended to the generated Gogs configuration file.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.groupGroup account under which Gogs runs.
Type: string
Default: "gogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.httpAddressHTTP listen address.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.httpPortHTTP listen port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.repositoryRootPath to the git repositories.
Type: string
Default: "${config.services.gogs.stateDir}/repositories"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.rootUrlFull public URL of Gogs server.
Type: string
Default: "http://localhost:3000/"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.stateDirGogs data directory.
Type: string
Default: "/var/lib/gogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.useWizardDo not generate a configuration and use Gogs' installation wizard instead. The first registered user will be administrator.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gogs.userUser account under which Gogs runs.
Type: string
Default: "gogs"
Declared by:
<nixpkgs/nixos/modules/services/misc/gogs.nix>
|
services.gollum.enableWhether to enable Gollum service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.packageThe package used in the service
Type: package
Default: pkgs.gollum
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.addressIP address on which the web server will listen.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.allowUploadsEnable uploads of external files
Type: null or one of "dir", "page"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.branchGit branch to serve
Type: string
Default: "master"
Example: "develop"
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.emojiParse and interpret emoji tags
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.extraConfigContent of the configuration file
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.h1-titleUse the first h1 as page title
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.local-timeUse the browser's local timezone instead of the server's for displaying dates.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.mathjaxEnable support for math rendering using MathJax
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.no-editDisable editing pages
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.portPort on which the web server will run.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4567
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.stateDirSpecifies the path of the repository directory. If it does not exist, Gollum will create it on startup.
Type: path
Default: "/var/lib/gollum"
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gollum.user-iconsEnable specific user icons for history view
Type: null or one of "gravatar", "identicon"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/gollum.nix>
|
services.gotify.enableWhether to enable Gotify webserver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gotify-server.nix>
|
services.gotify.portPort the server listens to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gotify-server.nix>
|
services.gotify.stateDirectoryNameThe name of the directory below /var/lib where
gotify stores its runtime data.
Type: string
Default: "gotify-server"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/gotify-server.nix>
|
services.gpm.enableWhether to enable GPM, the General Purpose Mouse daemon, which enables mouse support in virtual consoles.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/ttys/gpm.nix>
|
services.gpm.protocolMouse protocol to use.
Type: string
Default: "ps/2"
Declared by:
<nixpkgs/nixos/modules/services/ttys/gpm.nix>
|
services.gpsd.enableWhether to enable `gpsd', a GPS service daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.gpsd.debugLevelThe debugging level.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.gpsd.deviceA device may be a local serial device for GPS input, or a URL of the form:
[{dgpsip|ntrip}://][user:passwd@]host[:port][/stream]
in which case it specifies an input source for DGPS or ntrip data.
Type: string
Default: "/dev/ttyUSB0"
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.gpsd.listenanyListen on all addresses rather than just loopback.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.gpsd.nowaitdon't wait for client connects to poll GPS
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.gpsd.portThe port where to listen for TCP connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2947
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.gpsd.readonlyWhether to enable the broken-device-safety, otherwise known as read-only mode. Some popular bluetooth and USB receivers lock up or become totally inaccessible when probed or reconfigured. This switch prevents gpsd from writing to a receiver. This means that gpsd cannot configure the receiver for optimal performance, but it also means that gpsd cannot break the receiver. A better solution would be for Bluetooth to not be so fragile. A platform independent method to identify serial-over-Bluetooth devices would also be nice.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/gpsd.nix>
|
services.grafana.enableWhether to enable grafana.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.packagePackage to use.
Type: package
Default: pkgs.grafana
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.dataDirData directory.
Type: path
Default: "/var/lib/grafana"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.declarativePluginsIf non-null, then a list of packages containing Grafana plugins to install. If set, plugins cannot be manually installed.
Type: null or (list of path)
Default: null
Example: with pkgs.grafanaPlugins; [ grafana-piechart-panel ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.enableWhether to enable provision.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.contactPoints.pathPath to YAML contact points configuration. Can't be used with
services.grafana.provision.alerting.contactPoints.settings simultaneously.
Can be either a directory or a single YAML file. Will end up in the store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.contactPoints.settingsGrafana contact points configuration in Nix. Can't be used with
services.grafana.provision.alerting.contactPoints.path simultaneously. See
https://grafana.com/docs/grafana/latest/administration/provisioning/#contact-points
for supported options.
Type: null or (submodule)
Default: null
Example:
{
apiVersion = 1;
contactPoints = [{
orgId = 1;
name = "cp_1";
receivers = [{
uid = "first_uid";
type = "prometheus-alertmanager";
settings.url = "http://test:9000";
}];
}];
deleteContactPoints = [{
orgId = 1;
uid = "first_uid";
}];
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.contactPoints.settings.apiVersionConfig file version.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.contactPoints.settings.contactPointsList of contact points to import or update.
Type: list of (YAML value)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.contactPoints.settings.contactPoints.*.nameName of the contact point. Required.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.contactPoints.settings.deleteContactPointsList of receivers that should be deleted.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.contactPoints.settings.deleteContactPoints.*.orgIdOrganization ID, default = 1.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.contactPoints.settings.deleteContactPoints.*.uidUnique identifier for the receiver. Required.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.muteTimings.pathPath to YAML mute timings configuration. Can't be used with
services.grafana.provision.alerting.muteTimings.settings simultaneously.
Can be either a directory or a single YAML file. Will end up in the store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.muteTimings.settingsGrafana mute timings configuration in Nix. Can't be used with
services.grafana.provision.alerting.muteTimings.path simultaneously. See
https://grafana.com/docs/grafana/latest/administration/provisioning/#mute-timings
for supported options.
Type: null or (submodule)
Default: null
Example:
{
apiVersion = 1;
muteTimes = [{
orgId = 1;
name = "mti_1";
time_intervals = [{
times = [{
start_time = "06:00";
end_time = "23:59";
}];
weekdays = [
"monday:wednesday"
"saturday"
"sunday"
];
months = [
"1:3"
"may:august"
"december"
];
years = [
"2020:2022"
"2030"
];
days_of_month = [
"1:5"
"-3:-1"
];
}];
}];
deleteMuteTimes = [{
orgId = 1;
name = "mti_1";
}];
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.muteTimings.settings.apiVersionConfig file version.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.muteTimings.settings.deleteMuteTimesList of mute time intervals that should be deleted.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.muteTimings.settings.deleteMuteTimes.*.nameName of the mute time interval, must be unique. Required.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.muteTimings.settings.deleteMuteTimes.*.orgIdOrganization ID, default = 1.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.muteTimings.settings.muteTimesList of mute time intervals to import or update.
Type: list of (YAML value)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.muteTimings.settings.muteTimes.*.nameName of the mute time interval, must be unique. Required.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.policies.pathPath to YAML notification policies configuration. Can't be used with
services.grafana.provision.alerting.policies.settings simultaneously.
Can be either a directory or a single YAML file. Will end up in the store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.policies.settingsGrafana notification policies configuration in Nix. Can't be used with
services.grafana.provision.alerting.policies.path simultaneously. See
https://grafana.com/docs/grafana/latest/administration/provisioning/#notification-policies
for supported options.
Type: null or (submodule)
Default: null
Example:
{
apiVersion = 1;
policies = [{
orgId = 1;
receiver = "grafana-default-email";
group_by = [ "..." ];
matchers = [
"alertname = Watchdog"
"severity =~ \"warning|critical\""
];
mute_time_intervals = [
"abc"
];
group_wait = "30s";
group_interval = "5m";
repeat_interval = "4h";
}];
resetPolicies = [
1
];
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.policies.settings.apiVersionConfig file version.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.policies.settings.policiesList of contact points to import or update.
Type: list of (YAML value)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.policies.settings.resetPoliciesList of orgIds that should be reset to the default policy.
Type: list of signed integer
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.rules.pathPath to YAML rules configuration. Can't be used with
services.grafana.provision.alerting.rules.settings simultaneously.
Can be either a directory or a single YAML file. Will end up in the store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.rules.settingsGrafana rules configuration in Nix. Can't be used with
services.grafana.provision.alerting.rules.path simultaneously. See
https://grafana.com/docs/grafana/latest/administration/provisioning/#rules
for supported options.
Type: null or (submodule)
Default: null
Example:
{
apiVersion = 1;
groups = [{
orgId = 1;
name = "my_rule_group";
folder = "my_first_folder";
interval = "60s";
rules = [{
uid = "my_id_1";
title = "my_first_rule";
condition = "A";
data = [{
refId = "A";
datasourceUid = "-100";
model = {
conditions = [{
evaluator = {
params = [ 3 ];
type = "git";
};
operator.type = "and";
query.params = [ "A" ];
reducer.type = "last";
type = "query";
}];
datasource = {
type = "__expr__";
uid = "-100";
};
expression = "1==0";
intervalMs = 1000;
maxDataPoints = 43200;
refId = "A";
type = "math";
};
}];
dashboardUid = "my_dashboard";
panelId = 123;
noDataState = "Alerting";
for = "60s";
annotations.some_key = "some_value";
labels.team = "sre_team1";
}];
}];
deleteRules = [{
orgId = 1;
uid = "my_id_1";
}];
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.rules.settings.apiVersionConfig file version.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.rules.settings.deleteRulesList of alert rule UIDs that should be deleted.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.rules.settings.deleteRules.*.orgIdOrganization ID, default = 1
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.rules.settings.deleteRules.*.uidUnique identifier for the rule. Required.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.rules.settings.groupsList of rule groups to import or update.
Type: list of (YAML value)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.rules.settings.groups.*.folderName of the folder the rule group will be stored in. Required.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.rules.settings.groups.*.intervalInterval that the rule group should be evaluated at. Required.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.rules.settings.groups.*.nameName of the rule group. Required.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.templates.pathPath to YAML templates configuration. Can't be used with
services.grafana.provision.alerting.templates.settings simultaneously.
Can be either a directory or a single YAML file. Will end up in the store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.templates.settingsGrafana templates configuration in Nix. Can't be used with
services.grafana.provision.alerting.templates.path simultaneously. See
https://grafana.com/docs/grafana/latest/administration/provisioning/#templates
for supported options.
Type: null or (submodule)
Default: null
Example:
{
apiVersion = 1;
templates = [{
orgId = 1;
name = "my_first_template";
template = "Alerting with a custom text template";
}];
deleteTemplates = [{
orgId = 1;
name = "my_first_template";
}];
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.templates.settings.apiVersionConfig file version.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.templates.settings.deleteTemplatesList of alert rule UIDs that should be deleted.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.templates.settings.deleteTemplates.*.nameName of the template, must be unique. Required.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.templates.settings.deleteTemplates.*.orgIdOrganization ID, default = 1.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.templates.settings.templatesList of templates to import or update.
Type: list of (YAML value)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.templates.settings.templates.*.nameName of the template, must be unique. Required.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.alerting.templates.settings.templates.*.templateAlerting with a custom text template
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.dashboardsDeclaratively provision Grafana's dashboards.
Type: (submodule) or (Wrapper-type for backwards compat of Grafana's declarative provisioning) convertible to it
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.dashboards.pathPath to YAML dashboard configuration. Can't be used with
services.grafana.provision.dashboards.settings simultaneously.
Can be either a directory or a single YAML file. Will end up in the store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.dashboards.settingsGrafana dashboard configuration in Nix. Can't be used with
services.grafana.provision.dashboards.path simultaneously. See
https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards
for supported options.
Type: null or (submodule)
Default: null
Example:
{
apiVersion = 1;
providers = [{
name = "default";
options.path = "/var/lib/grafana/dashboards";
}];
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.dashboards.settings.apiVersionConfig file version.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.dashboards.settings.providersList of dashboards to insert/update.
Type: list of (YAML value)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.dashboards.settings.providers.*.nameA unique provider name.
Type: string
Default: "default"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.dashboards.settings.providers.*.options.pathPath grafana will watch for dashboards. Required when using the 'file' type.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.dashboards.settings.providers.*.typeDashboard provider type.
Type: string
Default: "file"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.datasourcesDeclaratively provision Grafana's datasources.
Type: (submodule) or (Wrapper-type for backwards compat of Grafana's declarative provisioning) convertible to it
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.datasources.pathPath to YAML datasource configuration. Can't be used with
services.grafana.provision.datasources.settings simultaneously.
Can be either a directory or a single YAML file. Will end up in the store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.datasources.settingsGrafana datasource configuration in Nix. Can't be used with
services.grafana.provision.datasources.path simultaneously. See
https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources
for supported options.
Type: null or (submodule)
Default: null
Example:
{
apiVersion = 1;
datasources = [{
name = "Graphite";
type = "graphite";
}];
deleteDatasources = [{
name = "Graphite";
orgId = 1;
}];
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.datasources.settings.apiVersionConfig file version.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.datasources.settings.datasourcesList of datasources to insert/update.
Type: list of (YAML value)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.datasources.settings.datasources.*.accessAccess mode. proxy or direct (Server or Browser in the UI). Required.
Type: one of "proxy", "direct"
Default: "proxy"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.datasources.settings.datasources.*.editableAllow users to edit datasources from the UI.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.datasources.settings.datasources.*.nameName of the datasource. Required.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.datasources.settings.datasources.*.secureJsonDataDatasource specific secure configuration. Please note that the contents of this option will end up in a world-readable Nix store. Use the file provider pointing at a reasonably secured file in the local filesystem to work around that. Look at the documentation for details: https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.datasources.settings.datasources.*.typeDatasource type. Required.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.datasources.settings.datasources.*.uidCustom UID which can be used to reference this datasource in other parts of the configuration, if not specified will be generated automatically.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.datasources.settings.datasources.*.urlUrl of the datasource.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.datasources.settings.deleteDatasourcesList of datasources that should be deleted from the database.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.datasources.settings.deleteDatasources.*.nameName of the datasource to delete.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.datasources.settings.deleteDatasources.*.orgIdOrganization ID of the datasource to delete.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.notifiersGrafana notifier configuration.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.notifiers.*.disable_resolve_messageTurn off the message that sends when an alert returns to OK.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.notifiers.*.frequencyHow frequently should the notifier be sent reminders.
Type: string
Default: "5m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.notifiers.*.is_defaultIs the default notifier.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.notifiers.*.nameNotifier name.
Type: string
Default: "default"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.notifiers.*.org_idOrganization ID.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.notifiers.*.org_nameOrganization name.
Type: string
Default: "Main Org."
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.notifiers.*.secure_settingsSecure settings for the notifier type. Please note that the contents of this option will end up in a world-readable Nix store. Use the file provider pointing at a reasonably secured file in the local filesystem to work around that. Look at the documentation for details: https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.notifiers.*.send_reminderShould the notifier be sent reminder notifications while alerts continue to fire.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.notifiers.*.settingsSettings for the notifier type.
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.notifiers.*.typeNotifier type.
Type: one of "dingding", "discord", "email", "googlechat", "hipchat", "kafka", "line", "teams", "opsgenie", "pagerduty", "prometheus-alertmanager", "pushover", "sensu", "sensugo", "slack", "telegram", "threema", "victorops", "webhook"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.provision.notifiers.*.uidUnique notifier identifier.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settingsGrafana settings. See https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/ for available options. INI format is used.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.analytics.reporting_enabledWhether to allow anonymous usage reporting to stats.grafana.net.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.database.hostDatabase host.
Type: string
Default: "127.0.0.1:3306"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.database.nameDatabase name.
Type: string
Default: "grafana"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.database.passwordDatabase password. Please note that the contents of this option will end up in a world-readable Nix store. Use the file provider pointing at a reasonably secured file in the local filesystem to work around that. Look at the documentation for details: https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.database.pathOnly applicable to sqlite3 database. The file path where the database will be stored.
Type: path
Default: "${config.services.grafana.dataDir}/data/grafana.db"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.database.typeDatabase type.
Type: one of "mysql", "sqlite3", "postgres"
Default: "sqlite3"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.database.userDatabase user.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.paths.pluginsDirectory where grafana will automatically scan and look for plugins
Type: path
Default: if (cfg.declarativePlugins == null) then "${cfg.dataDir}/plugins" else declarativePlugins
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.paths.provisioningFolder that contains provisioning config files that grafana will apply on startup and while running.
Don't change the value of this option if you are planning to use services.grafana.provision options.
Type: path
Default: "directory with links to files generated from services.grafana.provision"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.security.admin_passwordDefault admin password. Please note that the contents of this option will end up in a world-readable Nix store. Use the file provider pointing at a reasonably secured file in the local filesystem to work around that. Look at the documentation for details: https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider
Type: string
Default: "admin"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.security.admin_userDefault admin username.
Type: string
Default: "admin"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.security.secret_keySecret key used for signing. Please note that the contents of this option will end up in a world-readable Nix store. Use the file provider pointing at a reasonably secured file in the local filesystem to work around that. Look at the documentation for details: https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider
Type: string
Default: "SW2YcwTIb9zpOOhoPsMm"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.server.enable_gzipSet this option to true to enable HTTP compression, this can improve transfer speed and bandwidth utilization. It is recommended that most users set it to true. By default it is set to false for compatibility reasons.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.server.cert_fileCert file for ssl.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.server.cert_keyCert key for ssl.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.server.domainThe public facing domain name used to access grafana from a browser.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.server.http_addrListening address.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.server.http_portListening port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.server.protocolWhich protocol to listen.
Type: one of "http", "https", "h2", "socket"
Default: "http"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.server.root_urlFull public facing url.
Type: string
Default: "%(protocol)s://%(domain)s:%(http_port)s/"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.server.socketPath where the socket should be created when protocol=socket. Make sure that Grafana has appropriate permissions before you change this setting.
Type: string
Default: "/run/grafana/grafana.sock"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.server.static_root_pathRoot path for static assets.
Type: string
Default: "${package}/share/grafana/public"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.smtp.enabledWhether to enable SMTP.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.smtp.from_addressEmail address used for sending.
Type: string
Default: "admin@grafana.localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.smtp.hostHost to connect to.
Type: string
Default: "localhost:25"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.smtp.passwordPassword used for authentication. Please note that the contents of this option will end up in a world-readable Nix store. Use the file provider pointing at a reasonably secured file in the local filesystem to work around that. Look at the documentation for details: https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#file-provider
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.smtp.userUser used for authentication.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.users.allow_org_createWhether user is allowed to create organizations.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.users.allow_sign_upDisable user signup / registration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.users.auto_assign_orgWhether to automatically assign new users to default org.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana.settings.users.auto_assign_org_roleDefault role new users will be auto assigned.
Type: one of "Viewer", "Editor"
Default: "Viewer"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana.nix>
|
services.grafana-agent.enableWhether to enable grafana-agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-agent.nix>
|
services.grafana-agent.packageThe grafana-agent package to use.
Type: package
Default: pkgs.grafana-agent
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-agent.nix>
|
services.grafana-agent.credentialsCredentials to load at service startup. Keys that are UPPER_SNAKE will be loaded as env vars. Values are absolute paths to the credentials.
Type: attribute set of string
Default: { }
Example:
{
LOGS_REMOTE_WRITE_URL = "/run/keys/grafana_agent_logs_remote_write_url";
LOGS_REMOTE_WRITE_USERNAME = "/run/keys/grafana_agent_logs_remote_write_username";
METRICS_REMOTE_WRITE_URL = "/run/keys/grafana_agent_metrics_remote_write_url";
METRICS_REMOTE_WRITE_USERNAME = "/run/keys/grafana_agent_metrics_remote_write_username";
logs_remote_write_password = "/run/keys/grafana_agent_logs_remote_write_password";
metrics_remote_write_password = "/run/keys/grafana_agent_metrics_remote_write_password";
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-agent.nix>
|
services.grafana-agent.settingsConfiguration for grafana-agent.
See https://grafana.com/docs/agent/latest/configuration/
Type: YAML value
Default:
{
metrics = {
wal_directory = "\${STATE_DIRECTORY}";
global.scrape_interval = "5s";
};
integrations = {
agent.enabled = true;
agent.scrape_integration = true;
node_exporter.enabled = true;
replace_instance_label = true;
};
}
Example:
{
logs = {
configs = [
{
clients = [
{
basic_auth = {
password_file = "\${CREDENTIALS_DIRECTORY}/logs_remote_write_password";
username = "\${LOGS_REMOTE_WRITE_USERNAME}";
};
url = "\${LOGS_REMOTE_WRITE_URL}";
}
];
name = "default";
positions = {
filename = "\${STATE_DIRECTORY}/loki_positions.yaml";
};
scrape_configs = [
{
job_name = "journal";
journal = {
labels = {
job = "systemd-journal";
};
max_age = "12h";
};
relabel_configs = [
{
source_labels = [
"__journal__systemd_unit"
];
target_label = "systemd_unit";
}
{
source_labels = [
"__journal__hostname"
];
target_label = "nodename";
}
{
source_labels = [
"__journal_syslog_identifier"
];
target_label = "syslog_identifier";
}
];
}
];
}
];
};
metrics = {
global = {
remote_write = [
{
basic_auth = {
password_file = "\${CREDENTIALS_DIRECTORY}/metrics_remote_write_password";
username = "\${METRICS_REMOTE_WRITE_USERNAME}";
};
url = "\${METRICS_REMOTE_WRITE_URL}";
}
];
};
};
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-agent.nix>
|
services.grafana-image-renderer.enableWhether to enable grafana-image-renderer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
|
services.grafana-image-renderer.chromiumThe chromium to use for image rendering.
Type: package
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
|
services.grafana-image-renderer.provisionGrafanaWhether to enable Grafana configuration for grafana-image-renderer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
|
services.grafana-image-renderer.settingsConfiguration attributes for grafana-image-renderer.
See https://github.com/grafana/grafana-image-renderer/blob/ce1f81438e5f69c7fd7c73ce08bab624c4c92e25/default.json for supported values.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
|
services.grafana-image-renderer.settings.rendering.argsList of CLI flags passed to chromium.
Type: list of string
Default:
[ "--no-sandbox" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
|
services.grafana-image-renderer.settings.rendering.heightHeight of the PNG used to display the alerting graph.
Type: positive integer, meaning >0
Default: 500
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
|
services.grafana-image-renderer.settings.rendering.modeRendering mode of grafana-image-renderer:
default: Creates on browser-instance
per rendering request.
reusable: One browser instance
will be started and reused for each rendering request.
clustered: allows to precisely
configure how many browser-instances are supposed to be used. The values
for that mode can be declared in rendering.clustering.
Type: one of "default", "reusable", "clustered"
Default: "default"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
|
services.grafana-image-renderer.settings.rendering.widthWidth of the PNG used to display the alerting graph.
Type: positive integer, meaning >0
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
|
services.grafana-image-renderer.settings.service.logging.levelThe log-level of the grafana-image-renderer.service-unit.
Type: one of "error", "warning", "info", "debug"
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
|
services.grafana-image-renderer.settings.service.portThe TCP port to use for the rendering server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8081
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
|
services.grafana-image-renderer.verboseWhether to enable verbosity for the service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-image-renderer.nix>
|
services.grafana_reporter.enableWhether to enable grafana_reporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix>
|
services.grafana_reporter.addrListening address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix>
|
services.grafana_reporter.grafana.addrGrafana address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix>
|
services.grafana_reporter.grafana.portGrafana port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix>
|
services.grafana_reporter.grafana.protocolGrafana protocol.
Type: one of "http", "https"
Default: "http"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix>
|
services.grafana_reporter.portListening port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8686
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix>
|
services.grafana_reporter.templateDirOptional template directory to use custom tex templates
Type: string or path
Default: pkgs.grafana_reporter
Declared by:
<nixpkgs/nixos/modules/services/monitoring/grafana-reporter.nix>
|
services.graphite.carbon.enableAggregatorWhether to enable carbon aggregator, the carbon buffering service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.enableCacheWhether to enable carbon cache, the graphite storage daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.enableRelayWhether to enable carbon relay, the carbon replication and sharding service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.aggregationRulesDefines if and how received metrics will be aggregated.
Type: null or string
Default: null
Example:
'' <env>.applications.<app>.all.requests (60) = sum <env>.applications.<app>.*.requests <env>.applications.<app>.all.latency (60) = avg <env>.applications.<app>.*.latency ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.blacklistAny metrics received which match one of the expressions will be dropped.
Type: null or string
Default: null
Example: "^some\\.noisy\\.metric\\.prefix\\..*"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.configContent of carbon configuration file.
Type: string
Default:
'' [cache] # Listen on localhost by default for security reasons UDP_RECEIVER_INTERFACE = 127.0.0.1 PICKLE_RECEIVER_INTERFACE = 127.0.0.1 LINE_RECEIVER_INTERFACE = 127.0.0.1 CACHE_QUERY_INTERFACE = 127.0.0.1 # Do not log every update LOG_UPDATES = False LOG_CACHE_HITS = False ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.relayRulesRelay rules are used to send certain metrics to a certain backend.
Type: null or string
Default: null
Example:
'' [example] pattern = ^mydata\.foo\..+ servers = 10.1.2.3, 10.1.2.4:2004, myserver.mydomain.com ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.rewriteRulesRegular expression patterns that can be used to rewrite metric names in a search and replace fashion.
Type: null or string
Default: null
Example:
'' [post] _sum$ = _avg$ = ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.storageAggregationDefines how to aggregate data to lower-precision retentions.
Type: null or string
Default: null
Example:
'' [all_min] pattern = \.min$ xFilesFactor = 0.1 aggregationMethod = min ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.storageSchemasDefines retention rates for storing metrics.
Type: null or string
Default: ""
Example:
'' [apache_busyWorkers] pattern = ^servers\.www.*\.workers\.busyWorkers$ retentions = 15s:7d,1m:21d,15m:5y ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.carbon.whitelistOnly metrics received which match one of the expressions will be persisted.
Type: null or string
Default: null
Example: ".*"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.dataDirData directory for graphite.
Type: path
Default: "/var/db/graphite"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.seyren.enableWhether to enable seyren service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.seyren.extraConfigExtra seyren configuration. See https://github.com/scobal/seyren#config
Type: attribute set of string
Default: { }
Example:
{
GRAPHITE_USERNAME = "user";
GRAPHITE_PASSWORD = "pass";
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.seyren.graphiteUrlHost where graphite service runs.
Type: string
Default: "http://${config.services.graphite.web.listenAddress}:${toString config.services.graphite.web.port}"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.seyren.mongoUrlMongodb connection string.
Type: string
Default: "mongodb://${config.services.mongodb.bind_ip}:27017/seyren"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.seyren.portSeyren listening port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8081
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.seyren.seyrenUrlHost where seyren is accessible.
Type: string
Default: "http://localhost:${toString config.services.graphite.seyren.port}/"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.web.enableWhether to enable graphite web frontend.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.web.extraConfigGraphite webapp settings. See: http://graphite.readthedocs.io/en/latest/config-local-settings.html
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.web.listenAddressGraphite web frontend listen address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graphite.web.portGraphite web frontend port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/monitoring/graphite.nix>
|
services.graylog.enableWhether to enable Graylog.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.packageGraylog package to use.
Type: package
Default: pkgs.graylog
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.elasticsearchHostsList of valid URIs of the http ports of your elastic nodes. If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that requires authentication
Type: list of string
Example: [ "http://node1:9200" "http://user:password@node2:19200" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.extraConfigAny other configuration options you might want to add
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.isMasterWhether this is the master instance of your Graylog cluster
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.messageJournalDirThe directory which will be used to store the message journal. The directory must be exclusively used by Graylog and must not contain any other files than the ones created by Graylog itself
Type: string
Default: "/var/lib/graylog/data/journal"
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.mongodbUriMongoDB connection string. See http://docs.mongodb.org/manual/reference/connection-string/ for details
Type: string
Default: "mongodb://localhost/graylog"
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.nodeIdFilePath of the file containing the graylog node-id
Type: string
Default: "/var/lib/graylog/server/node-id"
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.passwordSecretYou MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters. Generate one by using for example: pwgen -N 1 -s 96
Type: string
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.pluginsExtra graylog plugins
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.rootPasswordSha2You MUST specify a hash password for the root user (which you only need to initially set up the system and in case you lose connectivity to your authentication backend) This password cannot be changed using the API or via the web interface. If you need to change it, modify it here. Create one by using for example: echo -n yourpassword | shasum -a 256 and use the resulting hash value as string for the option
Type: string
Example: "e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e952"
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.rootUsernameName of the default administrator user
Type: string
Default: "admin"
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.graylog.userUser account under which graylog runs
Type: string
Default: "graylog"
Declared by:
<nixpkgs/nixos/modules/services/logging/graylog.nix>
|
services.greenclip.enableWhether to enable Greenclip daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/greenclip.nix>
|
services.greenclip.packagegreenclip derivation to use.
Type: package
Default: pkgs.haskellPackages.greenclip
Declared by:
<nixpkgs/nixos/modules/services/misc/greenclip.nix>
|
services.greetd.enableWhether to enable greetd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/display-managers/greetd.nix>
|
services.greetd.packageThe greetd package that should be used.
Type: package
Default: pkgs.greetd.greetd
Declared by:
<nixpkgs/nixos/modules/services/display-managers/greetd.nix>
|
services.greetd.restartWhether to restart greetd when it terminates (e.g. on failure). This is usually desirable so a user can always log in, but should be disabled when using 'settings.initial_session' (autologin), because every greetd restart will trigger the autologin again.
Type: boolean
Default: !(config.services.greetd.settings ? initial_session)
Declared by:
<nixpkgs/nixos/modules/services/display-managers/greetd.nix>
|
services.greetd.settingsgreetd configuration (documentation) as a Nix attribute set.
Type: TOML value
Example:
{
default_session = {
command = "${pkgs.greetd.greetd}/bin/agreety --cmd sway";
};
}
Declared by:
<nixpkgs/nixos/modules/services/display-managers/greetd.nix>
|
services.greetd.vtThe virtual console (tty) that greetd should use. This option also disables getty on that tty.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/display-managers/greetd.nix>
|
services.grocy.enableWhether to enable grocy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
|
services.grocy.dataDirHome directory of the grocy user which contains
the application's state.
Type: string
Default: "/var/lib/grocy"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
|
services.grocy.hostNameFQDN for the grocy instance.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
|
services.grocy.nginx.enableSSLWhether or not to enable SSL (with ACME and let's encrypt) for the grocy vhost.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
|
services.grocy.phpfpm.settingsOptions for grocy's PHPFPM pool.
Type: attribute set of (signed integer or string or boolean)
Default:
{
catch_workers_output = true;
"listen.owner" = "nginx";
"php_admin_flag[log_errors]" = true;
"php_admin_value[error_log]" = "stderr";
pm = "dynamic";
"pm.max_children" = "32";
"pm.max_requests" = "500";
"pm.max_spare_servers" = "4";
"pm.min_spare_servers" = "2";
"pm.start_servers" = "2";
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
|
services.grocy.settings.calendar.firstDayOfWeekWhich day of the week (0=Sunday, 1=Monday etc.) should be the first day.
Type: null or one of 0, 1, 2, 3, 4, 5, 6
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
|
services.grocy.settings.calendar.showWeekNumberShow the number of the weeks in the calendar views.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
|
services.grocy.settings.cultureDisplay language of the frontend.
Type: one of "de", "en", "da", "en_GB", "es", "fr", "hu", "it", "nl", "no", "pl", "pt_BR", "ru", "sk_SK", "sv_SE", "tr"
Default: "en"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
|
services.grocy.settings.currencyISO 4217 code for the currency to display.
Type: string
Default: "USD"
Example: "EUR"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/grocy.nix>
|
services.gsignond.enableWhether to enable gSignOn daemon, a DBus service which performs user authentication on behalf of its clients.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/gsignond.nix>
|
services.gsignond.pluginsWhat plugins to use with the gSignOn daemon.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/desktops/gsignond.nix>
|
services.gvfs.enableWhether to enable GVfs, a userspace virtual filesystem.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/gvfs.nix>
|
services.gvfs.packageWhich GVfs package to use.
Type: package
Default: pkgs.gnome.gvfs
Declared by:
<nixpkgs/nixos/modules/services/desktops/gvfs.nix>
|
services.gvpe.enableWhether to enable gvpe.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.configFileGVPE config file, if already present
Type: null or path
Default: null
Example: "/root/my-gvpe-conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.configTextGVPE config contents
Type: null or strings concatenated with "\n"
Default: null
Example:
'' tcp-port = 655 udp-port = 655 mtu = 1480 ifname = vpn0 node = alpha hostname = alpha.example.org connect = always enable-udp = true enable-tcp = true on alpha if-up = if-up-0 on alpha pid-file = /var/gvpe/gvpe.pid ''
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.customIFSetupAdditional commands to apply in ifup script
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.ipAddressIP address to assign to GVPE interface
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.nodenameGVPE node name
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.gvpe.subnetIP subnet assigned to GVPE network
Type: null or string
Default: null
Example: "10.0.0.0/8"
Declared by:
<nixpkgs/nixos/modules/services/networking/gvpe.nix>
|
services.hadoop.package
Type: package
Default: pkgs.hadoop
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hadoop.containerExecutorCfgYarn container-executor.cfg definition https://hadoop.apache.org/docs/r2.7.2/hadoop-yarn/hadoop-yarn-site/SecureContainer.html
Type: attribute set of anything
Default:
{
"feature.mount-cgroup.enabled" = 1;
"feature.terminal.enabled" = 1;
"min.user.id" = 1000;
"yarn.nodemanager.linux-container-executor.group" = "hadoop";
}Example:
options.services.hadoop.containerExecutorCfg.default // {
"feature.terminal.enabled" = 0;
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hadoop.coreSiteHadoop core-site.xml definition https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/core-default.xml
Type: attribute set of anything
Default: { }
Example:
{
"fs.defaultFS" = "hdfs://localhost";
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hadoop.extraConfDirsDirectories containing additional config files to be added to HADOOP_CONF_DIR
Type: list of path
Default: [ ]
Example:
[ ./extraHDFSConfs ./extraYARNConfs ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hadoop.gatewayRole.enableWhether to enable gateway role for deploying hadoop configs.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hadoop.gatewayRole.enableHbaseCliWhether to enable HBase CLI tools.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hbase.nix>
|
services.hadoop.hbase.packageHBase package
Type: package
Default: pkgs.hbase
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hbase.nix>
|
services.hadoop.hbase.master.enableWhether to enable HBase Master.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hbase.nix>
|
services.hadoop.hbase.master.initHDFSWhether to enable initialization of the hbase directory on HDFS.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hbase.nix>
|
services.hadoop.hbase.master.openFirewallOpen firewall ports for HBase master.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hbase.nix>
|
services.hadoop.hbase.regionServer.enableWhether to enable HBase RegionServer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hbase.nix>
|
services.hadoop.hbase.regionServer.openFirewallOpen firewall ports for HBase master.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hbase.nix>
|
services.hadoop.hbase.regionServer.overrideHostsRemove /etc/hosts entries for "127.0.0.2" and "::1" defined in nixos/modules/config/networking.nix Regionservers must be able to resolve their hostnames to their IP addresses, through PTR records or /etc/hosts entries.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hbase.nix>
|
services.hadoop.hbase.rootdirThis option will set "hbase.rootdir" in hbase-site.xml and determine the directory shared by region servers and into which HBase persists. The URL should be 'fully-qualified' to include the filesystem scheme. If a core-site.xml is provided, the FS scheme defaults to the value of "fs.defaultFS".
Filesystems other than HDFS (like S3, QFS, Swift) are also supported.
Type: string
Default: "/hbase"
Example: "hdfs://nameservice1/hbase"
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hbase.nix>
|
services.hadoop.hbase.zookeeperQuorumThis option will set "hbase.zookeeper.quorum" in hbase-site.xml. Comma separated list of servers in the ZooKeeper ensemble.
Type: null or strings concatenated with ","
Default: null
Example: "zk1.internal,zk2.internal,zk3.internal"
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hbase.nix>
|
services.hadoop.hbaseSiteAdditional options and overrides for hbase-site.xml https://github.com/apache/hbase/blob/rel/2.4.11/hbase-common/src/main/resources/hbase-default.xml
Type: attribute set of anything
Default: { }
Example:
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hbase.nix>
|
services.hadoop.hbaseSiteDefaultDefault options for hbase-site.xml
Type: attribute set of anything
Default:
{
"hbase.cluster.distributed" = "true";
"hbase.master.info.bindAddress" = "0.0.0.0";
"hbase.master.ipc.address" = "0.0.0.0";
"hbase.regionserver.info.bindAddress" = "0.0.0.0";
"hbase.regionserver.ipc.address" = "0.0.0.0";
}Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hbase.nix>
|
services.hadoop.hdfs.datanode.enableWhether to enable HDFS DataNode.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.datanode.dataDirsTier and path definitions for datanode storage.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.datanode.dataDirs.*.pathDetermines where on the local filesystem a data node should store its blocks.
Type: path
Example:
[ "/var/lib/hadoop/hdfs/dn" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.datanode.dataDirs.*.typeStorage types ([SSD]/[DISK]/[ARCHIVE]/[RAM_DISK]) for HDFS storage policies.
Type: one of "SSD", "DISK", "ARCHIVE", "RAM_DISK"
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.datanode.extraEnvExtra environment variables for HDFS DataNode
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.datanode.extraFlagsExtra command line flags to pass to HDFS DataNode
Type: list of string
Default: [ ]
Example:
[ "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.port=8010" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.datanode.openFirewallOpen firewall ports for HDFS DataNode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.datanode.restartIfChangedAutomatically restart the service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.httpfs.enableWhether to enable HDFS JournalNode.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.httpfs.extraEnvExtra environment variables for HDFS JournalNode
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.httpfs.extraFlagsExtra command line flags to pass to HDFS JournalNode
Type: list of string
Default: [ ]
Example:
[ "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.port=8010" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.httpfs.openFirewallOpen firewall ports for HDFS JournalNode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.httpfs.restartIfChangedAutomatically restart the service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.httpfs.tempPathHTTPFS_TEMP path used by HTTPFS
Type: path
Default: "/tmp/hadoop/httpfs"
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.journalnode.enableWhether to enable HDFS JournalNode.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.journalnode.extraEnvExtra environment variables for HDFS JournalNode
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.journalnode.extraFlagsExtra command line flags to pass to HDFS JournalNode
Type: list of string
Default: [ ]
Example:
[ "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.port=8010" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.journalnode.openFirewallOpen firewall ports for HDFS JournalNode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.journalnode.restartIfChangedAutomatically restart the service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.namenode.enableWhether to enable HDFS NameNode.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.namenode.extraEnvExtra environment variables for HDFS NameNode
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.namenode.extraFlagsExtra command line flags to pass to HDFS NameNode
Type: list of string
Default: [ ]
Example:
[ "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.port=8010" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.namenode.formatOnInitFormat HDFS namenode on first start. This is useful for quickly spinning up ephemeral HDFS clusters with a single namenode. For HA clusters, initialization involves multiple steps across multiple nodes. Follow this guide to initialize an HA cluster manually: https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-hdfs/HDFSHighAvailabilityWithQJM.html
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.namenode.openFirewallOpen firewall ports for HDFS NameNode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.namenode.restartIfChangedAutomatically restart the service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.zkfc.enableWhether to enable HDFS ZooKeeper failover controller.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.zkfc.extraEnvExtra environment variables for HDFS ZooKeeper failover controller
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.zkfc.extraFlagsExtra command line flags to pass to HDFS ZooKeeper failover controller
Type: list of string
Default: [ ]
Example:
[ "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.port=8010" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfs.zkfc.restartIfChangedAutomatically restart the service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/hdfs.nix>
|
services.hadoop.hdfsSiteAdditional options and overrides for hdfs-site.xml https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/hdfs-default.xml
Type: attribute set of anything
Default: { }
Example:
{
"dfs.nameservices" = "namenode1";
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hadoop.hdfsSiteDefaultDefault options for hdfs-site.xml
Type: attribute set of anything
Default:
{
"dfs.namenode.http-address" = "0.0.0.0:9870";
"dfs.namenode.http-bind-host" = "0.0.0.0";
"dfs.namenode.rpc-bind-host" = "0.0.0.0";
"dfs.namenode.servicerpc-bind-host" = "0.0.0.0";
}Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hadoop.httpfsSiteHadoop httpfs-site.xml definition https://hadoop.apache.org/docs/current/hadoop-hdfs-httpfs/httpfs-default.html
Type: attribute set of anything
Default: { }
Example:
{
"hadoop.http.max.threads" = 500;
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hadoop.log4jPropertieslog4j.properties file added to HADOOP_CONF_DIR
Type: path
Default:
"${config.services.hadoop.package}/lib/${config.services.hadoop.package.untarDir}/etc/hadoop/log4j.properties"
Example:
"${pkgs.hadoop}/lib/${pkgs.hadoop.untarDir}/etc/hadoop/log4j.properties";
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hadoop.mapredSiteAdditional options and overrides for mapred-site.xml https://hadoop.apache.org/docs/current/hadoop-mapreduce-client/hadoop-mapreduce-client-core/mapred-default.xml
Type: attribute set of anything
Default: { }
Example:
{
"mapreduce.map.java.opts" = "-Xmx900m -XX:+UseParallelGC";
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hadoop.mapredSiteDefaultDefault options for mapred-site.xml
Type: attribute set of anything
Default:
{
"mapreduce.framework.name" = "yarn";
"yarn.app.mapreduce.am.env" = "HADOOP_MAPRED_HOME=${config.services.hadoop.package}/lib/${config.services.hadoop.package.untarDir}";
"mapreduce.map.env" = "HADOOP_MAPRED_HOME=${config.services.hadoop.package}/lib/${config.services.hadoop.package.untarDir}";
"mapreduce.reduce.env" = "HADOOP_MAPRED_HOME=${config.services.hadoop.package}/lib/${config.services.hadoop.package.untarDir}";
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hadoop.yarn.nodemanager.enableWhether to enable Hadoop YARN NodeManager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarn.nodemanager.addBinBashAdd /bin/bash. This is needed by the linux container executor's launch script.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarn.nodemanager.extraEnvExtra environment variables
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarn.nodemanager.extraFlagsExtra command line flags to pass to the service
Type: list of string
Default: [ ]
Example:
[ "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.port=8010" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarn.nodemanager.localDirList of directories to store localized files in.
Type: null or (list of path)
Default: null
Example:
[ "/var/lib/hadoop/yarn/nm" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarn.nodemanager.openFirewallOpen firewall ports for nodemanager. Because containers can listen on any ephemeral port, TCP ports 1024–65535 will be opened.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarn.nodemanager.resource.cpuVCoresNumber of vcores that can be allocated for containers.
Type: null or positive integer, meaning >0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarn.nodemanager.resource.maximumAllocationMBThe maximum physical memory any container can be allocated.
Type: null or positive integer, meaning >0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarn.nodemanager.resource.maximumAllocationVCoresThe maximum virtual CPU cores any container can be allocated.
Type: null or positive integer, meaning >0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarn.nodemanager.resource.memoryMBAmount of physical memory, in MB, that can be allocated for containers.
Type: null or positive integer, meaning >0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarn.nodemanager.restartIfChangedAutomatically restart the service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarn.nodemanager.useCGroupsUse cgroups to enforce resource limits on containers
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarn.resourcemanager.enableWhether to enable Hadoop YARN ResourceManager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarn.resourcemanager.extraEnvExtra environment variables
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarn.resourcemanager.extraFlagsExtra command line flags to pass to the service
Type: list of string
Default: [ ]
Example:
[ "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.port=8010" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarn.resourcemanager.openFirewallOpen firewall ports for resourcemanager
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarn.resourcemanager.restartIfChangedAutomatically restart the service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/yarn.nix>
|
services.hadoop.yarnSiteAdditional options and overrides for yarn-site.xml https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-common/yarn-default.xml
Type: attribute set of anything
Default: { }
Example:
{
"yarn.resourcemanager.hostname" = "${config.networking.hostName}";
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hadoop.yarnSiteDefaultDefault options for yarn-site.xml
Type: attribute set of anything
Default:
{
"yarn.nodemanager.admin-env" = "PATH=$PATH";
"yarn.nodemanager.aux-services" = "mapreduce_shuffle";
"yarn.nodemanager.aux-services.mapreduce_shuffle.class" = "org.apache.hadoop.mapred.ShuffleHandler";
"yarn.nodemanager.bind-host" = "0.0.0.0";
"yarn.nodemanager.container-executor.class" = "org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor";
"yarn.nodemanager.env-whitelist" = "JAVA_HOME,HADOOP_COMMON_HOME,HADOOP_HDFS_HOME,HADOOP_CONF_DIR,CLASSPATH_PREPEND_DISTCACHE,HADOOP_YARN_HOME,HADOOP_HOME,LANG,TZ";
"yarn.nodemanager.linux-container-executor.group" = "hadoop";
"yarn.nodemanager.linux-container-executor.path" = "/run/wrappers/yarn-nodemanager/bin/container-executor";
"yarn.nodemanager.log-dirs" = "/var/log/hadoop/yarn/nodemanager";
"yarn.resourcemanager.bind-host" = "0.0.0.0";
"yarn.resourcemanager.scheduler.class" = "org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler";
}Declared by:
<nixpkgs/nixos/modules/services/cluster/hadoop/default.nix>
|
services.hail.enableEnables the Hail Auto Update Service. Hail can automatically deploy artifacts built by a Hydra Continuous Integration server. A common use case is to provide continuous deployment for single services or a full NixOS configuration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hail.nix>
|
services.hail.packageHail package to use.
Type: package
Default: pkgs.haskellPackages.hail
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hail.nix>
|
services.hail.hydraJobUriThe URI of the Hydra Job.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hail.nix>
|
services.hail.netrcThe netrc file to use when fetching data from Hydra.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hail.nix>
|
services.hail.profileThe name of the Nix profile used by Hail.
Type: string
Default: "hail-profile"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hail.nix>
|
services.haka.enableWhether to enable Haka.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.packageWhich Haka derivation to use.
Type: package
Default: pkgs.haka
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.configFileSpecify which configuration file Haka uses. It can be absolute path or a path relative to the sample directory of the haka git repo.
Type: string
Default: "empty.lua"
Example: "/srv/haka/myfilter.lua"
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.dump.enableWhether to enable dump.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.dump.inputPath to file where incoming packets are dumped
Type: path
Default: "/tmp/input.pcap"
Example: "/path/to/file.pcap"
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.dump.outputPath to file where outgoing packets are dumped
Type: path
Default: "/tmp/output.pcap"
Example: "/path/to/file.pcap"
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.interfacesSpecify which interface(s) Haka listens to. Use 'any' to listen to all interfaces.
Type: list of string
Default:
[ "eth0" ]
Example:
[ "any" ]
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.nfqueueWhether to enable nfqueue.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.pcapWhether to enable pcap
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.haka.threadsThe number of threads that will be used. All system threads are used by default.
Type: signed integer
Default: 0
Example: 4
Declared by:
<nixpkgs/nixos/modules/services/security/haka.nix>
|
services.hans.clientsEach attribute of this option defines a systemd service that
runs hans. Many or none may be defined.
The name of each service is
hans-«name»
where «name» is the name of the
corresponding attribute name.
Type: attribute set of (submodule)
Default: { }
Example:
{
foo = {
server = "192.0.2.1";
extraConfig = "-v";
}
}
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.hans.clients.<name>.extraConfigAdditional command line parameters
Type: string
Default: ""
Example: "-v"
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.hans.clients.<name>.passwordFileFile that contains password
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.hans.clients.<name>.serverIP address of server running hans
Type: string
Default: ""
Example: "192.0.2.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.hans.server.enableenable hans server
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.hans.server.extraConfigAdditional command line parameters
Type: string
Default: ""
Example: "-v"
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.hans.server.ipThe assigned ip range
Type: string
Default: ""
Example: "198.51.100.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.hans.server.passwordFileFile that contains password
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.hans.server.respondToSystemPingsForce hans respond to ordinary pings
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/hans.nix>
|
services.haproxy.enableWhether to enable HAProxy, the reliable, high performance TCP/HTTP load balancer.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/haproxy.nix>
|
services.haproxy.configContents of the HAProxy configuration file,
haproxy.conf.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/haproxy.nix>
|
services.haproxy.groupGroup account under which haproxy runs.
Type: string
Default: "haproxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/haproxy.nix>
|
services.haproxy.userUser account under which haproxy runs.
Type: string
Default: "haproxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/haproxy.nix>
|
services.hardware.argonone.enableWhether to enable the driver for Argon One Raspberry Pi case fan and power button.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/argonone.nix>
|
services.hardware.argonone.packageThe package implementing the Argon One driver
Type: package
Default: pkgs.argononed
Declared by:
<nixpkgs/nixos/modules/services/hardware/argonone.nix>
|
services.hardware.bolt.enableWhether to enable Bolt, a userspace daemon to enable security levels for Thunderbolt 3 on GNU/Linux.
Bolt is used by GNOME 3 to handle Thunderbolt settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/bolt.nix>
|
services.hardware.lcd.client.enableEnable the LCD panel client (LCDproc)
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.client.extraConfigAdditional configuration added verbatim to the client config.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.client.restartForeverTry restarting the client forever.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.server.enableEnable the LCD panel server (LCDd)
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.server.extraConfigAdditional configuration added verbatim to the server config.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.server.openPortsOpen the ports in the firewall
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.server.usbGroupThe group to use for settings permissions. This group must exist or you will have to create it.
Type: string
Default: "dialout"
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.server.usbPermissionsSet group-write permissions on a USB device.
A USB connected LCD panel will most likely require having its
permissions modified for lcdd to write to it. Enabling this option
sets group-write permissions on the device identified by
services.hardware.lcd.usbVid and
services.hardware.lcd.usbPid. In order to find the
values, you can run the lsusb command. Example
output:
Bus 005 Device 002: ID 0403:c630 Future Technology Devices International, Ltd lcd2usb interface
In this case the vendor id is 0403 and the product id is c630.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.server.usbPidThe product ID of the USB device to claim.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.server.usbVidThe vendor ID of the USB device to claim.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.serverHostHost on which LCDd is listening.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.lcd.serverPortPort on which LCDd is listening.
Type: signed integer
Default: 13666
Declared by:
<nixpkgs/nixos/modules/services/hardware/lcd.nix>
|
services.hardware.openrgb.enableWhether to enable OpenRGB server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/openrgb.nix>
|
services.hardware.openrgb.packageSet version of openrgb package to use.
Type: package
Default: pkgs.openrgb
Declared by:
<nixpkgs/nixos/modules/services/hardware/openrgb.nix>
|
services.hardware.openrgb.motherboardCPU family of motherboard. Allows for addition motherboard i2c support.
Type: null or one of "amd", "intel"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/openrgb.nix>
|
services.hardware.openrgb.server.portSet server port of openrgb.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6742
Declared by:
<nixpkgs/nixos/modules/services/hardware/openrgb.nix>
|
services.hardware.pommed.enableWhether to use the pommed tool to handle Apple laptop keyboard hotkeys.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/pommed.nix>
|
services.hardware.pommed.configFileThe path to the pommed.conf file. Leave
to null to use the default config file
(/etc/pommed.conf.mactel). See the
files /etc/pommed.conf.mactel and
/etc/pommed.conf.pmac for examples to
build on.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/pommed.nix>
|
services.haste-server.enableWhether to enable haste-server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/editors/haste.nix>
|
services.haste-server.openFirewallWhether to enable firewall passthrough for haste-server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/editors/haste.nix>
|
services.haste-server.settingsConfiguration for haste-server. For documentation see project readme
Type: JSON value
Declared by:
<nixpkgs/nixos/modules/services/editors/haste.nix>
|
services.haveged.enableWhether to enable haveged entropy daemon, which refills /dev/random when low. NOTE: does nothing on kernels newer than 5.6. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/haveged.nix>
|
services.haveged.refill_thresholdThe number of bits of available entropy beneath which haveged should refill the entropy pool.
Type: signed integer
Default: 1024
Declared by:
<nixpkgs/nixos/modules/services/security/haveged.nix>
|
services.hbase-standalone.enableWhether to enable HBase master in standalone mode with embedded regionserver and zookeper. Do not use this configuration for production nor for evaluating HBase performance. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase-standalone.nix>
|
services.hbase-standalone.packageHBase package to use.
Type: package
Default: pkgs.hbase
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase-standalone.nix>
|
services.hbase-standalone.dataDirSpecifies location of HBase database files. This location should be writable and readable for the user the HBase service runs as (hbase by default).
Type: path
Default: "/var/lib/hbase"
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase-standalone.nix>
|
services.hbase-standalone.groupGroup account under which HBase runs.
Type: string
Default: "hbase"
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase-standalone.nix>
|
services.hbase-standalone.logDirSpecifies the location of HBase log files.
Type: path
Default: "/var/log/hbase"
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase-standalone.nix>
|
services.hbase-standalone.settingsconfigurations in hbase-site.xml, see https://github.com/apache/hbase/blob/master/hbase-server/src/test/resources/hbase-site.xml for details.
Type: attribute set of (string or signed integer or boolean)
Default:
{
"hbase.rootdir" = "file://${config.services.hbase-standalone.dataDir}/hbase";
"hbase.zookeeper.property.dataDir" = "${config.services.hbase-standalone.dataDir}/zookeeper";
}
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase-standalone.nix>
|
services.hbase-standalone.userUser account under which HBase runs.
Type: string
Default: "hbase"
Declared by:
<nixpkgs/nixos/modules/services/databases/hbase-standalone.nix>
|
services.hdapsd.enableWhether to enable Hard Drive Active Protection System Daemon, devices are detected and managed automatically by udev and systemd .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/hdaps.nix>
|
services.headphones.enableWhether to enable the headphones server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/headphones.nix>
|
services.headphones.configFilePath to config file.
Type: path
Default: "${config.services.headphones.dataDir}/config.ini"
Declared by:
<nixpkgs/nixos/modules/services/misc/headphones.nix>
|
services.headphones.dataDirPath where to store data files.
Type: path
Default: "/var/lib/headphones"
Declared by:
<nixpkgs/nixos/modules/services/misc/headphones.nix>
|
services.headphones.groupGroup to run the service as
Type: string
Default: "headphones"
Declared by:
<nixpkgs/nixos/modules/services/misc/headphones.nix>
|
services.headphones.hostHost to listen on.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/headphones.nix>
|
services.headphones.portPort to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8181
Declared by:
<nixpkgs/nixos/modules/services/misc/headphones.nix>
|
services.headphones.userUser to run the service as
Type: string
Default: "headphones"
Declared by:
<nixpkgs/nixos/modules/services/misc/headphones.nix>
|
services.headscale.enableWhether to enable headscale, Open Source coordination server for Tailscale.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.packageWhich headscale package to use for the running server.
Type: package
Default: pkgs.headscale
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.aclPolicyFilePath to a file containing ACL policies.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.addressListening address of headscale.
Type: string
Default: "127.0.0.1"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.database.hostDatabase host address.
Type: null or string
Default: null
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.database.nameDatabase name.
Type: null or string
Default: null
Example: "headscale"
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.database.passwordFileA file containing the password corresponding to
database.user.
Type: null or path
Default: null
Example: "/run/keys/headscale-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.database.pathPath to the sqlite3 database file.
Type: null or string
Default: "/var/lib/headscale/db.sqlite"
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.database.portDatabase host port.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Example: 3306
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.database.typeDatabase engine to use.
Type: one of "sqlite3", "postgres"
Default: "sqlite3"
Example: "postgres"
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.database.userDatabase user.
Type: null or string
Default: null
Example: "headscale"
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.derp.autoUpdateWhether to automatically update DERP maps on a set frequency.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.derp.pathsList of file paths containing DERP maps. See How Tailscale works for more information on DERP maps.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.derp.updateFrequencyFrequency to update DERP maps.
Type: string
Default: "24h"
Example: "5m"
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.derp.urlsList of urls containing DERP maps. See How Tailscale works for more information on DERP maps.
Type: list of string
Default:
[ "https://controlplane.tailscale.com/derpmap/default" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.dns.baseDomainDefines the base domain to create the hostnames for MagicDNS.
baseDomain must be a FQDNs, without the trailing dot.
The FQDN of the hosts will be
hostname.namespace.base_domain (e.g.
myhost.mynamespace.example.com).
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.dns.domainsSearch domains to inject to Tailscale clients.
Type: list of string
Default: [ ]
Example:
[ "mydomain.internal" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.dns.magicDnsWhether to use MagicDNS. Only works if there is at least a nameserver defined.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.dns.nameserversList of nameservers to pass to Tailscale clients.
Type: list of string
Default:
[ "1.1.1.1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.ephemeralNodeInactivityTimeoutTime before an inactive ephemeral node is deleted.
Type: string
Default: "30m"
Example: "5m"
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.groupGroup under which headscale runs.
If left as the default value this group will automatically be created on system activation, otherwise you are responsible for ensuring the user exists before the headscale service starts.
Type: string
Default: "headscale"
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.logLevelheadscale log level.
Type: string
Default: "info"
Example: "debug"
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.openIdConnect.clientIdOpenID Connect client ID.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.openIdConnect.clientSecretFilePath to OpenID Connect client secret file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.openIdConnect.domainMapDomain map is used to map incoming users (by their email) to a namespace. The key can be a string, or regex.
Type: attribute set of string
Default: { }
Example:
{
".*" = "default-namespace";
}Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.openIdConnect.issuerURL to OpenID issuer.
Type: string
Default: ""
Example: "https://openid.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.portListening port of headscale.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Example: 443
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.privateKeyFilePath to private key file, generated automatically if it does not exist.
Type: path
Default: "/var/lib/headscale/private.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.serverUrlThe url clients will connect to.
Type: string
Default: "http://127.0.0.1:8080"
Example: "https://myheadscale.example.com:443"
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.settingsOverrides to config.yaml as a Nix attribute set.
This option is ideal for overriding settings not exposed as Nix options.
Check the example config
for possible options.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.tls.certFilePath to already created certificate.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.tls.keyFilePath to key for already created certificate.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.tls.letsencrypt.challengeTypeType of ACME challenge to use, currently supported types:
HTTP-01 or TLS-ALPN-01.
Type: one of "TLS-ALPN-01", "HTTP-01"
Default: "HTTP-01"
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.tls.letsencrypt.hostnameDomain name to request a TLS certificate for.
Type: null or string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.tls.letsencrypt.httpListenWhen HTTP-01 challenge is chosen, letsencrypt must set up a
verification endpoint, and it will be listening on:
:http = port 80.
Type: null or string
Default: ":http"
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.headscale.userUser account under which headscale runs.
If left as the default value this user will automatically be created on system activation, otherwise you are responsible for ensuring the user exists before the headscale service starts.
Type: string
Default: "headscale"
Declared by:
<nixpkgs/nixos/modules/services/networking/headscale.nix>
|
services.healthchecks.enableEnable healthchecks. It is expected to be run behind a HTTP reverse proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/healthchecks.nix>
|
services.healthchecks.packagehealthchecks package to use.
Type: package
Default: pkgs.healthchecks
Declared by:
<nixpkgs/nixos/modules/services/web-apps/healthchecks.nix>
|
services.healthchecks.dataDirThe directory used to store all data for healthchecks.
If left as the default value this directory will automatically be created before the healthchecks server starts, otherwise you are responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: string
Default: "/var/lib/healthchecks"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/healthchecks.nix>
|
services.healthchecks.groupGroup account under which healthchecks runs.
If left as the default value this group will automatically be created on system activation, otherwise you are responsible for ensuring the group exists before the healthchecks service starts.
Type: string
Default: "healthchecks"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/healthchecks.nix>
|
services.healthchecks.listenAddressAddress the server will listen on.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/healthchecks.nix>
|
services.healthchecks.portPort the server will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/healthchecks.nix>
|
services.healthchecks.settingsEnvironment variables which are read by healthchecks (local)_settings.py.
Settings which are explicitly covered in options bewlow, are type-checked and/or transformed before added to the environment, everything else is passed as a string.
See https://healthchecks.io/docs/self_hosted_configuration/ for a full documentation of settings.
We add two variables to this list inside the packages local_settings.py.
STATIC_ROOT to set a state directory for dynamically generated static files.
SECRET_KEY_FILE to read SECRET_KEY from a file at runtime and keep it out of /nix/store.
Type: attribute set of string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/healthchecks.nix>
|
services.healthchecks.settings.ALLOWED_HOSTSThe host/domain names that this site can serve.
Type: list of string
Default:
[ "*" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/healthchecks.nix>
|
services.healthchecks.settings.DEBUGEnable debug mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/healthchecks.nix>
|
services.healthchecks.settings.REGISTRATION_OPENA boolean that controls whether site visitors can create new accounts. Set it to false if you are setting up a private Healthchecks instance, but it needs to be publicly accessible (so, for example, your cloud services can send pings to it). If you close new user registration, you can still selectively invite users to your team account.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/healthchecks.nix>
|
services.healthchecks.settings.SECRET_KEY_FILEPath to a file containing the secret key.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/web-apps/healthchecks.nix>
|
services.healthchecks.userUser account under which healthchecks runs.
If left as the default value this user will automatically be created on system activation, otherwise you are responsible for ensuring the user exists before the healthchecks service starts.
Type: string
Default: "healthchecks"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/healthchecks.nix>
|
services.heapster.enableWhether to enable Heapster monitoring.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/heapster.nix>
|
services.heapster.packagePackage to use by heapster
Type: package
Default: pkgs.heapster
Declared by:
<nixpkgs/nixos/modules/services/monitoring/heapster.nix>
|
services.heapster.extraOptsHeapster extra options
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/heapster.nix>
|
services.heapster.sinkHeapster metic sink
Type: string
Example: "influxdb:http://localhost:8086"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/heapster.nix>
|
services.heapster.sourceHeapster metric source
Type: string
Example: "kubernetes:https://kubernetes.default"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/heapster.nix>
|
services.heartbeat.enableWhether to enable heartbeat.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/heartbeat.nix>
|
services.heartbeat.packageThe heartbeat package to use.
Type: package
Default: pkgs.heartbeat
Example: pkgs.heartbeat7
Declared by:
<nixpkgs/nixos/modules/services/logging/heartbeat.nix>
|
services.heartbeat.extraConfigAny other configuration options you want to add
Type: strings concatenated with "\n"
Default:
''
heartbeat.monitors:
- type: http
urls: ["http://localhost:9200"]
schedule: '@every 10s'
''Declared by:
<nixpkgs/nixos/modules/services/logging/heartbeat.nix>
|
services.heartbeat.nameName of the beat
Type: string
Default: "heartbeat"
Declared by:
<nixpkgs/nixos/modules/services/logging/heartbeat.nix>
|
services.heartbeat.stateDirThe state directory. heartbeat's own logs and other data are stored here.
Type: string
Default: "/var/lib/heartbeat"
Declared by:
<nixpkgs/nixos/modules/services/logging/heartbeat.nix>
|
services.heartbeat.tagsTags to place on the shipped log messages
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/logging/heartbeat.nix>
|
services.hedgedoc.enableWhether to enable the HedgeDoc Markdown Editor.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.packagePackage that provides HedgeDoc.
Type: package
Default: pkgs.hedgedoc
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.environmentFileEnvironment file as defined in systemd.exec(5).
Secrets may be passed to the service without adding them to the world-readable Nix store, by specifying placeholder variables as the option value in Nix and setting these variables accordingly in the environment file.
# snippet of HedgeDoc-related config
services.hedgedoc.settings.dbURL = "postgres://hedgedoc:\${DB_PASSWORD}@db-host:5432/hedgedocdb";
services.hedgedoc.settings.minio.secretKey = "$MINIO_SECRET_KEY";
# content of the environment file DB_PASSWORD=verysecretdbpassword MINIO_SECRET_KEY=verysecretminiokey
Note that this file needs to be available on the host on which
HedgeDoc is running.
Type: null or path
Default: null
Example: "/var/lib/hedgedoc/hedgedoc.env"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.groupsGroups to which the service user should be added.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settingsHedgeDoc configuration, see https://docs.hedgedoc.org/configuration/ for documentation.
Type: JSON value
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.allowAnonymousWhether to allow anonymous usage.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.allowAnonymousEditsWhether to allow guests to edit existing notes with the freely permission,
when allowAnonymous is enabled.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.allowEmailRegisterWhether to enable email registration.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.allowFreeURLWhether to allow note creation by accessing a nonexistent note URL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.allowGravatarWhether to use gravatar as profile picture source.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.allowOriginList of domains to whitelist.
Type: list of string
Default: [ ]
Example:
[ "localhost" "hedgedoc.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.allowPDFExportWhether to enable PDF exports.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.azureConfigure the azure third-party integration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.azure.connectionStringAzure Blob Storage connection string.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.azure.containerAzure Blob Storage container name. It will be created if non-existent.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.cspSpecify the Content Security Policy which is passed to Helmet. For configuration details see https://helmetjs.github.io/docs/csp/.
Type: null or (attribute set)
Default: null
Example:
{
enable = true;
directives = {
scriptSrc = "trustworthy.scripts.example.com";
};
upgradeInsecureRequest = "auto";
addDefaults = true;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.dbSpecify the configuration for sequelize.
HedgeDoc supports mysql, postgres, sqlite and mssql.
See
https://sequelize.readthedocs.io/en/v3/ for more information.
Note: This option overrides db.
Type: attribute set
Default: { }
Example:
{
dialect = "sqlite";
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.dbURLSpecify which database to use.
HedgeDoc supports mysql, postgres, sqlite and mssql.
See
https://sequelize.readthedocs.io/en/v3/ for more information.
Note: This option overrides db.
Type: null or string
Default: null
Example:
'' postgres://user:pass@host:5432/dbname ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.debugWhether to enable debug mode.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.defaultNotePathPath to the default Note file. (Non-canonical paths are relative to HedgeDoc's base directory)
Type: null or string
Default: "./public/default.md"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.defaultPermissionDefault permissions for notes. This only applies for signed-in users.
Type: one of "freely", "editable", "limited", "locked", "private"
Default: "editable"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.dhParamPathPath to the SSL dh params. Needed when useSSL is enabled.
Type: null or string
Default: null
Example: "/var/lib/hedgedoc/dhparam.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.docsPathPath to the docs directory. (Non-canonical paths are relative to HedgeDoc's base directory)
Type: null or string
Default: "./public/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.documentMaxLengthSpecify the maximum document length.
Type: signed integer
Default: 100000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.domainDomain name for the HedgeDoc instance.
Type: null or string
Default: null
Example: "hedgedoc.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.dropboxConfigure the Dropbox third-party integration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.dropbox.appKeyDropbox app key.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.dropbox.clientIDDropbox API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.dropbox.clientSecretDropbox API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.emailWhether to enable email sign-in.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.errorPathPath to the error template file. (Non-canonical paths are relative to HedgeDoc's base directory)
Type: null or string
Default: ./public/views/error.ejs
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.facebookConfigure the facebook third-party integration
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.facebook.clientIDFacebook API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.facebook.clientSecretFacebook API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.githubConfigure the GitHub third-party integration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.github.clientIDGitHub API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.github.clientSecretGithub API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.gitlabConfigure the GitLab third-party integration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.gitlab.baseURLGitLab API authentication endpoint. Only needed for other endpoints than gitlab.com.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.gitlab.clientIDGitLab API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.gitlab.clientSecretGitLab API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.gitlab.scopeGitLab API requested scope. GitLab snippet import/export requires api scope.
Type: one of "api", "read_user"
Default: "api"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.googleConfigure the Google third-party integration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.google.clientIDGoogle API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.google.clientSecretGoogle API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.hackmdPathPath to the hackmd template file. (Non-canonical paths are relative to HedgeDoc's base directory)
Type: null or string
Default: "./public/views/hackmd.ejs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.heartbeatIntervalSpecify the socket.io heartbeat interval.
Type: signed integer
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.heartbeatTimeoutSpecify the socket.io heartbeat timeout.
Type: signed integer
Default: 10000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.hostAddress to listen on.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.hsts.enableWhether to enable HSTS if HTTPS is also enabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.hsts.includeSubdomainsWhether to include subdomains in HSTS.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.hsts.maxAgeSecondsMax duration for clients to keep the HSTS status.
Type: signed integer
Default: 31536000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.hsts.preloadWhether to allow preloading of the site's HSTS status.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.imageUploadTypeSpecify where to upload images.
Type: one of "imgur", "s3", "minio", "filesystem"
Default: "filesystem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.imgur.clientIdImgur API client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.indexPathPath to the index template file. (Non-canonical paths are relative to HedgeDoc's base directory)
Type: null or string
Default: "./public/views/index.ejs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.ldapConfigure the LDAP integration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.ldap.bindCredentialsBind credentials for LDAP access.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.ldap.bindDnBind DN for LDAP access.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.ldap.providerNameOptional name to be displayed at login form, indicating the LDAP provider.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.ldap.searchAttributesLDAP attributes to search with.
Type: null or (list of string)
Default: null
Example:
[ "displayName" "mail" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.ldap.searchBaseLDAP directory to begin search from.
Type: string
Example: "o=users,dc=example,dc=com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.ldap.searchFilterLDAP filter to search with.
Type: string
Example: "(uid={{username}})"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.ldap.tlscaRoot CA for LDAP TLS in PEM format.
Type: string
Default: "/etc/ssl/certs/ca-certificates.crt"
Example: "server-cert.pem,root.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.ldap.urlURL of LDAP server.
Type: string
Example: "ldap://localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.ldap.userNameFieldLDAP field which is used as the username on HedgeDoc.
By default useridField is used.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.ldap.useridFieldLDAP field which is a unique identifier for users on HedgeDoc.
Type: string
Example: "uid"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.mattermostConfigure the Mattermost third-party integration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.mattermost.baseURLMattermost authentication endpoint.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.mattermost.clientIDMattermost API client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.mattermost.clientSecretMattermost API client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.minioConfigure the minio third-party integration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.minio.accessKeyMinio access key.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.minio.endPointMinio endpoint.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.minio.portMinio listen port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.minio.secretKeyMinio secret key.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.minio.secureWhether to use HTTPS for Minio.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.oauth2Configure the OAuth integration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.oauth2.accessRoleSpecify role which should be included in the ID token roles claim to grant access
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.oauth2.authorizationURLSpecify the OAuth authorization URL.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.oauth2.baseURLSpecify the OAuth base URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.oauth2.clientIDSpecify the OAuth client ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.oauth2.clientSecretSpecify the OAuth client secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.oauth2.providerNameSpecify the name to be displayed for this strategy.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.oauth2.rolesClaimSpecify the role claim name.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.oauth2.scopeSpecify the OAuth scope.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.oauth2.tokenURLSpecify the OAuth token URL.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.oauth2.userProfileDisplayNameAttrSpecify the name of the attribute for the display name from the claim.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.oauth2.userProfileEmailAttrSpecify the name of the attribute for the email from the claim.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.oauth2.userProfileURLSpecify the OAuth userprofile URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.oauth2.userProfileUsernameAttrSpecify the name of the attribute for the username from the claim.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.pathSpecify where a UNIX domain socket should be placed.
Type: null or string
Default: null
Example: "/run/hedgedoc.sock"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Example: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.prettyPathPath to the pretty template file. (Non-canonical paths are relative to HedgeDoc's base directory)
Type: null or string
Default: ./public/views/pretty.ejs
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.protocolUseSSLEnable to use TLS for resource paths.
This only applies when domain is set.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.requireFreeURLAuthenticationWhether to require authentication for FreeURL mode style note creation.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.s3Configure the s3 third-party integration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.s3.accessKeyIdAWS access key id.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.s3.regionAWS S3 region.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.s3.secretAccessKeyAWS access key.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.s3bucketSpecify the bucket name for upload types s3 and minio.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.samlConfigure the SAML integration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.saml.attribute.emailAttribute map for email.
Defaults to NameID of SAML response if
identifierFormat has
the default value.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.saml.attribute.idAttribute map for id'. Defaults toNameID' of SAML response.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.saml.attribute.usernameAttribute map for username'. Defaults toNameID' of SAML response.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.saml.externalGroupsExcluded group names.
Type: list of string
Default: [ ]
Example:
[ "Temporary-staff" "External-users" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.saml.groupAttributeOptional attribute name for group list.
Type: string
Default: ""
Example: "memberOf"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.saml.identifierFormatOptional name identifier format.
Type: string
Default: "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.saml.idpCertPath to IdP certificate file in PEM format.
Type: path
Example: "/path/to/cert.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.saml.idpSsoUrlIdP authentication endpoint.
Type: string
Example: "https://idp.example.com/sso"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.saml.issuerOptional identity of the service provider. This defaults to the server URL.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.saml.providerNameOptional name to be displayed at login form indicating the SAML provider.
Type: string
Default: ""
Example: "My institution"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.saml.requiredGroupsRequired group names.
Type: list of string
Default: [ ]
Example:
[ "Hedgedoc-Users" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.sessionLifeSession life time in milliseconds.
Type: signed integer
Default: 1209600000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.sessionNameSpecify the name of the session cookie.
Type: string
Default: "connect.sid"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.sessionSecretSpecify the secret used to sign the session cookie. If unset, one will be generated on startup.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.slidePathPath to the slide template file. (Non-canonical paths are relative to HedgeDoc's base directory)
Type: null or string
Default: ./public/views/slide.hbs
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.sslCAPathSSL ca chain. Needed when useSSL is enabled.
Type: list of string
Default: [ ]
Example:
[ "/var/lib/hedgedoc/ca.crt" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.sslCertPathPath to the SSL cert. Needed when useSSL is enabled.
Type: null or string
Default: null
Example: "/var/lib/hedgedoc/hedgedoc.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.sslKeyPathPath to the SSL key. Needed when useSSL is enabled.
Type: null or string
Default: null
Example: "/var/lib/hedgedoc/hedgedoc.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.tmpPathPath to the temp directory HedgeDoc should use.
Note that serviceConfig.PrivateTmp is enabled for
the HedgeDoc systemd service by default.
(Non-canonical paths are relative to HedgeDoc's base directory)
Type: string
Default: "/tmp"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.twitterConfigure the Twitter third-party integration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.twitter.consumerKeyTwitter API consumer key.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.twitter.consumerSecretTwitter API consumer secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.uploadsPathPath under which uploaded files are saved.
Type: string
Default: /var/lib/hedgedoc/uploads
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.urlAddPortEnable to add the port to callback URLs.
This only applies when domain is set
and only for ports other than 80 and 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.urlPathPath under which HedgeDoc is accessible.
Type: null or string
Default: null
Example: "/url/path/to/hedgedoc"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.useCDNWhether to use CDN resources or not.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.settings.useSSLEnable to use SSL server. This will also enable
protocolUseSSL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.hedgedoc.workDirWorking directory for the HedgeDoc service.
Type: path
Default: "/var/lib/hedgedoc"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hedgedoc.nix>
|
services.heisenbridge.enableWhether to enable the Matrix to IRC bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/heisenbridge.nix>
|
services.heisenbridge.packagePackage of the application to run, exposed for overriding purposes.
Type: package
Default: pkgs.heisenbridge
Declared by:
<nixpkgs/nixos/modules/services/misc/heisenbridge.nix>
|
services.heisenbridge.addressAddress to listen on. IPv6 does not seem to be supported.
Type: string
Default: "127.0.0.1"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/heisenbridge.nix>
|
services.heisenbridge.debugMore verbose logging. Recommended during initial setup.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/heisenbridge.nix>
|
services.heisenbridge.extraArgsHeisenbridge is configured over the command line. Append extra arguments here
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/heisenbridge.nix>
|
services.heisenbridge.homeserverThe URL to the home server for client-server API calls
Type: string
Example: "http://localhost:8008"
Declared by:
<nixpkgs/nixos/modules/services/misc/heisenbridge.nix>
|
services.heisenbridge.identd.enableWhether to enable identd service support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/heisenbridge.nix>
|
services.heisenbridge.identd.portidentd listen port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 113
Declared by:
<nixpkgs/nixos/modules/services/misc/heisenbridge.nix>
|
services.heisenbridge.namespacesConfigure the 'namespaces' section of the registration.yml for the bridge and the server
Type: JSON value
Default:
{
aliases = [ ];
rooms = [ ];
users = [
{
exclusive = true;
regex = "@irc_.*";
}
];
}Declared by:
<nixpkgs/nixos/modules/services/misc/heisenbridge.nix>
|
services.heisenbridge.ownerSet owner MXID otherwise first talking local user will claim the bridge
Type: null or string
Default: null
Example: "@admin:example.org"
Declared by:
<nixpkgs/nixos/modules/services/misc/heisenbridge.nix>
|
services.heisenbridge.portThe port to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9898
Declared by:
<nixpkgs/nixos/modules/services/misc/heisenbridge.nix>
|
services.heisenbridge.registrationUrlThe URL where the application service is listening for HS requests, from the Matrix HS perspective.# The default value assumes the bridge runs on the same host as the home server, in the same network.
Type: string
Default: "http://$\${cfg.address}:$\${toString cfg.port}"
Example: "https://matrix.example.org"
Declared by:
<nixpkgs/nixos/modules/services/misc/heisenbridge.nix>
|
services.hercules-ci-agent.enableEnable to run Hercules CI Agent as a system service.
Hercules CI is a continuous integation service that is centered around Nix.
Support is available at help@hercules-ci.com.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
|
services.hercules-ci-agent.packagePackage containing the bin/hercules-ci-agent executable.
Type: package
Default: pkgs.hercules-ci-agent
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
|
services.hercules-ci-agent.checkNixWhether to make sure that the system's Nix (nix-daemon) is compatible.
If you set this to false, please keep up with the change log.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
|
services.hercules-ci-agent.settingsThese settings are written to the agent.toml file.
Not all settings are listed as options, can be set nonetheless.
For the exhaustive list of settings, see https://docs.hercules-ci.com/hercules-ci/reference/agent-config/.
Type: TOML value
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
|
services.hercules-ci-agent.settings.apiBaseUrlAPI base URL that the agent will connect to.
When using Hercules CI Enterprise, set this to the URL where your Hercules CI server is reachable.
Type: string
Default: "https://hercules-ci.com"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
|
services.hercules-ci-agent.settings.baseDirectoryState directory (secrets, work directory, etc) for agent
Type: path
Default: "/var/lib/hercules-ci-agent"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
|
services.hercules-ci-agent.settings.binaryCachesPathPath to a JSON file containing binary cache secret keys.
As these values are confidential, they should not be in the store, but
copied over using other means, such as agenix, NixOps
deployment.keys, or manual installation.
The format is described on https://docs.hercules-ci.com/hercules-ci-agent/binary-caches-json/.
Type: path
Default: staticSecretsDirectory + "/binary-caches.json"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
|
services.hercules-ci-agent.settings.clusterJoinTokenPathLocation of the cluster-join-token.key file.
You can retrieve the contents of the file when creating a new agent via https://hercules-ci.com/dashboard.
As this value is confidential, it should not be in the store, but
installed using other means, such as agenix, NixOps
deployment.keys, or manual installation.
The contents of the file are used for authentication between the agent and the API.
Type: path
Default: staticSecretsDirectory + "/cluster-join-token.key"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
|
services.hercules-ci-agent.settings.concurrentTasksNumber of tasks to perform simultaneously.
A task is a single derivation build, an evaluation or an effect run.
At minimum, you need 2 concurrent tasks for x86_64-linux
in your cluster, to allow for import from derivation.
concurrentTasks can be around the CPU core count or lower if memory is
the bottleneck.
The optimal value depends on the resource consumption characteristics of your workload, including memory usage and in-task parallelism. This is typically determined empirically.
When scaling, it is generally better to have a double-size machine than two machines, because each split of resources causes inefficiencies; particularly with regards to build latency because of extra downloads.
Type: positive integer, meaning >0 or value "auto" (singular enum)
Default: "auto"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
|
services.hercules-ci-agent.settings.labelsA key-value map of user data.
This data will be available to organization members in the dashboard and API.
The values can be of any TOML type that corresponds to a JSON type, but arrays can not contain tables/objects due to limitations of the TOML library. Values involving arrays of non-primitive types may not be representable currently.
Type: TOML value
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
|
services.hercules-ci-agent.settings.secretsJsonPathPath to a JSON file containing secrets for effects.
As these values are confidential, they should not be in the store, but
copied over using other means, such as agenix, NixOps
deployment.keys, or manual installation.
The format is described on https://docs.hercules-ci.com/hercules-ci-agent/secrets-json/.
Type: path
Default: staticSecretsDirectory + "/secrets.json"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
|
services.hercules-ci-agent.settings.staticSecretsDirectoryThis is the default directory to look for statically configured secrets like cluster-join-token.key.
See also clusterJoinTokenPath and binaryCachesPath for fine-grained configuration.
Type: path
Default: baseDirectory + "/secrets"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
|
services.hercules-ci-agent.settings.workDirectoryThe directory in which temporary subdirectories are created for task state. This includes sources for Nix evaluation.
Type: path
Default: baseDirectory + "/work"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hercules-ci-agent/common.nix>
|
services.hitch.enableWhether to enable Hitch Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hitch.backendThe host and port Hitch connects to when receiving a connection in the form [HOST]:PORT
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hitch.ciphersThe list of ciphers to use
Type: string
Default: "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hitch.extraConfigAdditional configuration lines
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hitch.frontendThe port and interface of the listen endpoint in the form [HOST]:PORT[+CERT].
Type: string or list of string
Default: "[127.0.0.1]:443"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hitch.groupThe group to run as
Type: string
Default: "hitch"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hitch.ocsp-stapling.enabledWhether to enable OCSP Stapling
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hitch.pem-filesPEM files to use
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hitch.userThe user to run as
Type: string
Default: "hitch"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hitch/default.nix>
|
services.hledger-web.enableWhether to enable hledger-web service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
|
services.hledger-web.baseUrlBase URL, when sharing over a network.
Type: null or string
Default: null
Example: "https://example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
|
services.hledger-web.capabilities.addEnable the add capability.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
|
services.hledger-web.capabilities.manageEnable the manage capability.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
|
services.hledger-web.capabilities.viewEnable the view capability.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
|
services.hledger-web.extraOptionsExtra command line arguments to pass to hledger-web.
Type: list of string
Default: [ ]
Example:
[ "--forecast" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
|
services.hledger-web.hostAddress to listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
|
services.hledger-web.journalFilesPaths to journal files relative to services.hledger-web.stateDir.
Type: list of string
Default:
[ ".hledger.journal" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
|
services.hledger-web.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Example: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
|
services.hledger-web.serveApiWhether to enable Serve only the JSON web API, without the web UI..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
|
services.hledger-web.stateDirPath the service has access to. If left as the default value this directory will automatically be created before the hledger-web server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default: "/var/lib/hledger-web"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/hledger-web.nix>
|
services.hockeypuck.enableWhether to enable Hockeypuck OpenPGP Key Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/hockeypuck.nix>
|
services.hockeypuck.portHKP port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 11371
Declared by:
<nixpkgs/nixos/modules/services/security/hockeypuck.nix>
|
services.hockeypuck.settingsConfiguration file for hockeypuck, here you can override
certain settings (loglevel and
openpgp.db.dsn) by just setting those values.
For other settings you need to use lib.mkForce to override them.
This service doesn't provision or enable postgres on your system, it rather assumes that you enable postgres and create the database yourself.
Example:
services.postgresql = {
enable = true;
ensureDatabases = [ "hockeypuck" ];
ensureUsers = [{
name = "hockeypuck";
ensurePermissions."DATABASE hockeypuck" = "ALL PRIVILEGES";
}];
};
Type: TOML value
Default: { }
Example:
{
hockeypuck = {
loglevel = "INFO";
logfile = "/var/log/hockeypuck/hockeypuck.log";
indexTemplate = "${pkgs.hockeypuck-web}/share/templates/index.html.tmpl";
vindexTemplate = "${pkgs.hockeypuck-web}/share/templates/index.html.tmpl";
statsTemplate = "${pkgs.hockeypuck-web}/share/templates/stats.html.tmpl";
webroot = "${pkgs.hockeypuck-web}/share/webroot";
hkp.bind = ":${toString cfg.port}";
openpgp.db = {
driver = "postgres-jsonb";
dsn = "database=hockeypuck host=/var/run/postgresql sslmode=disable";
};
};
}
Declared by:
<nixpkgs/nixos/modules/services/security/hockeypuck.nix>
|
services.hologram-agent.enableWhether to enable the Hologram agent for AWS instance credentials
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-agent.nix>
|
services.hologram-agent.dialAddressHologram server and port.
Type: string
Default: "localhost:3100"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-agent.nix>
|
services.hologram-agent.httpPortPort for metadata service to listen on.
Type: string
Default: "80"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-agent.nix>
|
services.hologram-server.enableWhether to enable the Hologram server for AWS instance credentials
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.enableLdapRolesWhether to assign user roles based on the user's LDAP group memberships
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.awsAccountAWS account number
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.awsDefaultRoleAWS default role
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.cacheTimeoutSecondsHow often (in seconds) to refresh the LDAP cache
Type: signed integer
Default: 3600
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.groupClassAttrThe objectclass attribute to search for groups when enableLdapRoles is true
Type: string
Default: "groupOfNames"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.ldapBaseDNThe base DN for your Hologram users
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.ldapBindDNDN of account to use to query the LDAP server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.ldapBindPasswordPassword of account to use to query the LDAP server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.ldapHostAddress of the LDAP server to use
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.ldapInsecureWhether to connect to LDAP over SSL or not
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.ldapUserAttrThe LDAP attribute for usernames
Type: string
Default: "cn"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.listenAddressAddress and port to listen on
Type: string
Default: "0.0.0.0:3100"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.roleAttrWhich LDAP group attribute to search for authorized role ARNs
Type: string
Default: "businessCategory"
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.hologram-server.statsAddressAddress of statsd server
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/security/hologram-server.nix>
|
services.home-assistant.enableWhether to enable Home Assistant. Please note that this installation method is unsupported upstream.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.packageThe Home Assistant package to use.
Type: package
Default:
pkgs.home-assistant.overrideAttrs (oldAttrs: {
doInstallCheck = false;
})
Example:
pkgs.home-assistant.override {
extraPackages = python3Packages: with python3Packages; [
psycopg2
];
extraComponents = [
"default_config"
"esphome"
"met"
];
}
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.configYour configuration.yaml as a Nix attribute set.
YAML functions like secrets can be passed as a string and will be unquoted automatically.
Unless this option is explicitly set to null
we assume your configuration.yaml is
managed through this module and thereby overwritten on startup.
Type: null or (YAML value)
Example:
{
homeassistant = {
name = "Home";
latitude = "!secret latitude";
longitude = "!secret longitude";
elevation = "!secret elevation";
unit_system = "metric";
time_zone = "UTC";
};
frontend = {
themes = "!include_dir_merge_named themes";
};
http = {};
feedreader.urls = [ "https://nixos.org/blogs.xml" ];
}
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.config.homeassistant.latitudeLatitude of your location required to calculate the time the sun rises and sets.
Type: null or floating point number or string
Default: null
Example: 52.3
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.config.homeassistant.longitudeLongitude of your location required to calculate the time the sun rises and sets.
Type: null or floating point number or string
Default: null
Example: 4.9
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.config.homeassistant.nameName of the location where Home Assistant is running.
Type: null or string
Default: null
Example: "Home"
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.config.homeassistant.temperature_unitOverride temperature unit set by unit_system. C for Celsius, F for Fahrenheit.
Type: null or one of "C", "F"
Default: null
Example: "C"
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.config.homeassistant.time_zonePick your time zone from the column TZ of Wikipedia’s list of tz database time zones.
Type: null or string
Default:
config.time.timeZone or null
Example: "Europe/Amsterdam"
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.config.homeassistant.unit_systemThe unit system to use. This also sets temperature_unit, Celsius for Metric and Fahrenheit for Imperial.
Type: null or one of "metric", "imperial"
Default: null
Example: "metric"
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.config.http.server_hostOnly listen to incoming requests on specific IP/host. The default listed assumes support for IPv4 and IPv6.
Type: string or list of string
Default:
[ "0.0.0.0" "::" ]
Example: "::1"
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.config.http.server_portThe port on which to listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8123
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.config.lovelace.modeIn what mode should the main Lovelace panel be, yaml or storage (UI managed).
Type: one of "yaml", "storage"
Default:
if cfg.lovelaceConfig != null then "yaml" else "storage";
Example: "yaml"
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.configDirThe config directory, where your configuration.yaml is located.
Type: path
Default: "/var/lib/hass"
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.configWritableWhether to make configuration.yaml writable.
This will allow you to edit it from Home Assistant's web interface.
This only has an effect if config is set.
However, bear in mind that it will be overwritten at every start of the service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.extraComponentsList of components that have their dependencies included in the package.
The component name can be found in the URL, for example https://www.home-assistant.io/integrations/ffmpeg/ would map to ffmpeg.
Type: list of (one of "3_day_blinds", "abode", "accuweather", "acer_projector", "acmeda", "actiontec", "adax", "adguard", "ads", "advantage_air", "aemet", "aftership", "agent_dvr", "air_quality", "airly", "airnow", "airq", "airthings", "airthings_ble", "airtouch4", "airvisual", "airzone", "aladdin_connect", "alarm_control_panel", "alarmdecoder", "alert", "alexa", "almond", "alpha_vantage", "amazon_polly", "amberelectric", "ambiclimate", "ambient_station", "amcrest", "amp_motorization", "ampio", "analytics", "android_ip_webcam", "androidtv", "anel_pwrctrl", "anthemav", "apache_kafka", "apcupsd", "api", "apple_tv", "application_credentials", "apprise", "aprs", "aqualogic", "aquostv", "aranet", "arcam_fmj", "arest", "arris_tg2492lg", "aruba", "arwn", "aseko_pool_live", "asterisk_cdr", "asterisk_mbox", "asuswrt", "atag", "aten_pe", "atome", "august", "august_ble", "aurora", "aurora_abb_powerone", "aussie_broadband", "auth", "automation", "avea", "avion", "awair", "aws", "axis", "azure_devops", "azure_event_hub", "azure_service_bus", "backup", "baf", "baidu", "balboa", "bayesian", "bbox", "beewi_smartclim", "binary_sensor", "bitcoin", "bizkaibus", "blackbird", "blebox", "blink", "blinksticklight", "bliss_automation", "bloc_blinds", "blockchain", "bloomsky", "bluemaestro", "blueprint", "bluesound", "bluetooth", "bluetooth_le_tracker", "bluetooth_tracker", "bmw_connected_drive", "bond", "bosch_shc", "brandt", "braviatv", "brel_home", "broadlink", "brother", "brottsplatskartan", "browser", "brunt", "bsblan", "bswitch", "bt_home_hub_5", "bt_smarthub", "bthome", "bticino", "bubendorff", "buienradar", "button", "caldav", "calendar", "camera", "canary", "cast", "cert_expiry", "channels", "circuit", "cisco_ios", "cisco_mobility_express", "cisco_webex_teams", "citybikes", "clementine", "clickatell", "clicksend", "clicksend_tts", "climate", "cloud", "cloudflare", "cmus", "co2signal", "coinbase", "color_extractor", "comed_hourly_pricing", "comfoconnect", "command_line", "compensation", "concord232", "config", "configurator", "control4", "conversation", "coolmaster", "coronavirus", "counter", "cover", "cozytouch", "cppm_tracker", "cpuspeed", "crownstone", "cups", "currencylayer", "dacia", "daikin", "danfoss_air", "darksky", "datadog", "ddwrt", "debugpy", "deconz", "decora", "decora_wifi", "default_config", "delijn", "deluge", "demo", "denon", "denonavr", "derivative", "deutsche_bahn", "device_automation", "device_sun_light_trigger", "device_tracker", "devolo_home_control", "devolo_home_network", "dexcom", "dhcp", "diagnostics", "dialogflow", "diaz", "digital_loggers", "digital_ocean", "directv", "discogs", "discord", "discovery", "dlib_face_detect", "dlib_face_identify", "dlink", "dlna_dmr", "dlna_dms", "dnsip", "dominos", "doods", "doorbird", "dooya", "dovado", "downloader", "dsmr", "dsmr_reader", "dte_energy_bridge", "dublin_bus_transport", "duckdns", "dunehd", "dwd_weather_warnings", "dweet", "dynalite", "eafm", "ebox", "ebusd", "ecoal_boiler", "ecobee", "econet", "ecovacs", "ecowitt", "eddystone_temperature", "edimax", "edl21", "efergy", "egardia", "eight_sleep", "elgato", "eliqonline", "elkm1", "elmax", "elv", "emby", "emoncms", "emoncms_history", "emonitor", "emulated_hue", "emulated_kasa", "emulated_roku", "energy", "enigma2", "enocean", "enphase_envoy", "entur_public_transport", "environment_canada", "envisalink", "ephember", "epson", "epsonworkforce", "eq3btsmart", "escea", "esphome", "etherscan", "eufy", "everlights", "evil_genius_labs", "evohome", "ezviz", "faa_delays", "facebook", "facebox", "fail2ban", "familyhub", "fan", "fastdotcom", "feedreader", "ffmpeg", "ffmpeg_motion", "ffmpeg_noise", "fibaro", "fido", "file", "file_upload", "filesize", "filter", "fints", "fireservicerota", "firmata", "fitbit", "fivem", "fixer", "fjaraskupan", "fleetgo", "flexit", "flexom", "flic", "flick_electric", "flipr", "flo", "flock", "flume", "flux", "flux_led", "folder", "folder_watcher", "foobot", "forecast_solar", "forked_daapd", "fortios", "foscam", "foursquare", "free_mobile", "freebox", "freedns", "freedompro", "fritz", "fritzbox", "fritzbox_callmonitor", "fronius", "frontend", "frontier_silicon", "fully_kiosk", "futurenow", "garadget", "garages_amsterdam", "gaviota", "gc100", "gdacs", "generic", "generic_hygrostat", "generic_thermostat", "geniushub", "geo_json_events", "geo_location", "geo_rss_events", "geocaching", "geofency", "geonetnz_quakes", "geonetnz_volcano", "gios", "github", "gitlab_ci", "gitter", "glances", "goalfeed", "goalzero", "gogogate2", "goodwe", "google", "google_assistant", "google_cloud", "google_domains", "google_maps", "google_pubsub", "google_sheets", "google_translate", "google_travel_time", "google_wifi", "govee_ble", "gpsd", "gpslogger", "graphite", "gree", "greeneye_monitor", "greenwave", "group", "growatt_server", "gstreamer", "gtfs", "guardian", "habitica", "hardkernel", "hardware", "harman_kardon_avr", "harmony", "hassio", "havana_shade", "haveibeenpwned", "hddtemp", "hdmi_cec", "heatmiser", "heiwa", "heos", "here_travel_time", "hexaom", "hi_kumo", "hikvision", "hikvisioncam", "hisense_aehw4a1", "history", "history_stats", "hitron_coda", "hive", "hlk_sw16", "home_connect", "home_plus_control", "homeassistant", "homeassistant_alerts", "homeassistant_hardware", "homeassistant_sky_connect", "homeassistant_yellow", "homekit", "homekit_controller", "homematic", "homematicip_cloud", "homewizard", "homeworks", "honeywell", "horizon", "hp_ilo", "html5", "http", "huawei_lte", "hue", "huisbaasje", "humidifier", "hunterdouglas_powerview", "hurrican_shutters_wholesale", "hvv_departures", "hydrawise", "hyperion", "ialarm", "iammeter", "iaqualink", "ibeacon", "icloud", "idteck_prox", "ifttt", "iglo", "ign_sismologia", "ihc", "image", "image_processing", "imap", "imap_email_content", "incomfort", "influxdb", "inkbird", "input_boolean", "input_button", "input_datetime", "input_number", "input_select", "input_text", "inspired_shades", "insteon", "integration", "intellifire", "intent", "intent_script", "intesishome", "ios", "iotawatt", "iperf3", "ipma", "ipp", "iqvia", "irish_rail_transport", "islamic_prayer_times", "ismartwindow", "iss", "isy994", "itach", "itunes", "izone", "jellyfin", "jewish_calendar", "joaoapps_join", "juicenet", "justnimbus", "kaiterra", "kaleidescape", "kankun", "keba", "keenetic_ndms2", "kef", "kegtron", "keyboard", "keyboard_remote", "keymitt_ble", "kira", "kiwi", "kmtronic", "knx", "kodi", "konnected", "kostal_plenticore", "kraken", "kulersky", "kwb", "lacrosse", "lacrosse_view", "lametric", "landisgyr_heat_meter", "lannouncer", "lastfm", "launch_library", "laundrify", "lcn", "led_ble", "legrand", "lg_netcast", "lg_soundbar", "lidarr", "life360", "lifx", "lifx_cloud", "light", "lightwave", "limitlessled", "linksys_smart", "linode", "linux_battery", "lirc", "litejet", "litterrobot", "livisi", "llamalab_automate", "local_calendar", "local_file", "local_ip", "locative", "lock", "logbook", "logentries", "logger", "logi_circle", "london_air", "london_underground", "lookin", "lovelace", "luci", "luftdaten", "lupusec", "lutron", "lutron_caseta", "luxaflex", "lw12wifi", "lyric", "magicseaweed", "mailbox", "mailgun", "manual", "manual_mqtt", "map", "marantz", "martec", "marytts", "mastodon", "matrix", "matter", "maxcube", "mazda", "meater", "media_extractor", "media_player", "media_source", "mediaroom", "melcloud", "melissa", "melnor", "meraki", "message_bird", "met", "met_eireann", "meteo_france", "meteoalarm", "meteoclimatic", "metoffice", "mfi", "microsoft", "microsoft_face", "microsoft_face_detect", "microsoft_face_identify", "miflora", "mikrotik", "mill", "min_max", "minecraft_server", "minio", "mitemp_bt", "mjpeg", "moat", "mobile_app", "mochad", "modbus", "modem_callerid", "modern_forms", "moehlenhoff_alpha2", "mold_indicator", "monoprice", "moon", "motion_blinds", "motioneye", "mpd", "mqtt", "mqtt_eventstream", "mqtt_json", "mqtt_room", "mqtt_statestream", "msteams", "mullvad", "mutesync", "mvglive", "my", "mycroft", "myq", "mysensors", "mystrom", "mythicbeastsdns", "nad", "nam", "namecheapdns", "nanoleaf", "neato", "nederlandse_spoorwegen", "ness_alarm", "nest", "netatmo", "netdata", "netgear", "netgear_lte", "netio", "network", "neurio_energy", "nexia", "nexity", "nextbus", "nextcloud", "nextdns", "nfandroidtv", "nibe_heatpump", "nightscout", "niko_home_control", "nilu", "nina", "nissan_leaf", "nmap_tracker", "nmbs", "no_ip", "noaa_tides", "nobo_hub", "norway_air", "notify", "notify_events", "notion", "nsw_fuel_station", "nsw_rural_fire_service_feed", "nuheat", "nuki", "numato", "number", "nut", "nutrichef", "nws", "nx584", "nzbget", "oasa_telematics", "obihai", "octoprint", "oem", "ohmconnect", "ombi", "omnilogic", "onboarding", "oncue", "ondilo_ico", "onewire", "onkyo", "onvif", "open_meteo", "openalpr_cloud", "openalpr_local", "opencv", "openerz", "openevse", "openexchangerates", "opengarage", "openhardwaremonitor", "openhome", "opensensemap", "opensky", "opentherm_gw", "openuv", "openweathermap", "opnsense", "opple", "oralb", "oru", "orvibo", "osramlightify", "otp", "overkiz", "ovo_energy", "owntracks", "p1_monitor", "panasonic_bluray", "panasonic_viera", "pandora", "panel_custom", "panel_iframe", "pcs_lighting", "peco", "pencom", "persistent_notification", "person", "philips_js", "pi_hole", "picnic", "picotts", "pilight", "ping", "pioneer", "pjlink", "plaato", "plant", "plex", "plugwise", "plum_lightpad", "pocketcasts", "point", "poolsense", "powerwall", "profiler", "progettihwsw", "proliphix", "prometheus", "prosegur", "prowl", "proximity", "proxmoxve", "proxy", "prusalink", "ps4", "pulseaudio_loopback", "pure_energie", "push", "pushbullet", "pushover", "pushsafer", "pvoutput", "pvpc_hourly_pricing", "pyload", "python_script", "qbittorrent", "qingping", "qld_bushfire", "qnap", "qnap_qsw", "qrcode", "quantum_gateway", "qvr_pro", "qwikswitch", "rachio", "radarr", "radio_browser", "radiotherm", "rainbird", "raincloud", "rainforest_eagle", "rainmachine", "random", "raspberry_pi", "raspyrfm", "raven_rock_mfg", "rdw", "recollect_waste", "recorder", "recswitch", "reddit", "rejseplanen", "remember_the_milk", "remote", "remote_rpi_gpio", "renault", "repairs", "repetier", "rest", "rest_command", "rexel", "rflink", "rfxtrx", "rhasspy", "ridwell", "ring", "ripple", "risco", "rituals_perfume_genie", "rmvtransport", "roborock", "rocketchat", "roku", "roomba", "roon", "route53", "rova", "rpi_camera", "rpi_power", "rss_feed_template", "rtorrent", "rtsp_to_webrtc", "ruckus_unleashed", "russound_rio", "russound_rnet", "ruuvitag_ble", "sabnzbd", "safe_mode", "saj", "samsungtv", "satel_integra", "scene", "schedule", "schluter", "scrape", "screenaway", "screenlogic", "script", "scsgate", "search", "season", "select", "sendgrid", "sense", "senseme", "sensibo", "sensirion_ble", "sensor", "sensorblue", "sensorpro", "sensorpush", "sentry", "senz", "serial", "serial_pm", "sesame", "seven_segments", "seventeentrack", "sharkiq", "shell_command", "shelly", "shiftr", "shodan", "shopping_list", "sia", "sigfox", "sighthound", "signal_messenger", "simplepush", "simplisafe", "simply_automated", "simu", "simulated", "sinch", "siren", "sisyphus", "sky_hub", "skybeacon", "skybell", "slack", "sleepiq", "slide", "slimproto", "sma", "smappee", "smart_blinds", "smart_home", "smart_meter_texas", "smarther", "smartthings", "smarttub", "smarty", "smhi", "sms", "smtp", "snapcast", "snips", "snmp", "snooz", "solaredge", "solaredge_local", "solarlog", "solax", "soma", "somfy", "somfy_mylink", "sonarr", "songpal", "sonos", "sony_projector", "soundtouch", "spaceapi", "spc", "speedtestdotnet", "spider", "splunk", "spotify", "sql", "squeezebox", "srp_energy", "ssdp", "starline", "starlingbank", "startca", "statistics", "statsd", "steam_online", "steamist", "stiebel_eltron", "stookalert", "stream", "streamlabswater", "stt", "subaru", "suez_water", "sun", "supervisord", "supla", "surepetcare", "swiss_hydrological_data", "swiss_public_transport", "swisscom", "switch", "switch_as_x", "switchbee", "switchbot", "switcher_kis", "switchmate", "symfonisk", "syncthing", "syncthru", "synology_chat", "synology_dsm", "synology_srm", "syslog", "system_bridge", "system_health", "system_log", "systemmonitor", "tado", "tag", "tailscale", "tank_utility", "tankerkoenig", "tapsaff", "tasmota", "tautulli", "tcp", "ted5000", "telegram", "telegram_bot", "tellduslive", "tellstick", "telnet", "temper", "template", "tensorflow", "tesla_wall_connector", "text", "tfiac", "thermobeacon", "thermoplus", "thermopro", "thermoworks_smoke", "thethingsnetwork", "thingspeak", "thinkingcleaner", "thomson", "threshold", "tibber", "tikteck", "tile", "tilt_ble", "time_date", "timer", "tmb", "tod", "todoist", "tolo", "tomato", "tomorrowio", "toon", "torque", "totalconnect", "touchline", "tplink", "tplink_lte", "traccar", "trace", "tractive", "tradfri", "trafikverket_ferry", "trafikverket_train", "trafikverket_weatherstation", "transmission", "transport_nsw", "travisci", "trend", "tts", "tuya", "twentemilieu", "twilio", "twilio_call", "twilio_sms", "twinkly", "twitch", "twitter", "ubiwizz", "ubus", "ue_smart_radio", "uk_transport", "ukraine_alarm", "ultraloq", "unifi", "unifi_direct", "unifiled", "unifiprotect", "universal", "upb", "upc_connect", "upcloud", "update", "upnp", "uprise_smart_shades", "uptime", "uptimerobot", "usb", "usgs_earthquakes_feed", "utility_meter", "uvc", "vacuum", "vallox", "vasttrafik", "velbus", "velux", "venstar", "vera", "verisure", "versasense", "version", "vesync", "viaggiatreno", "vicare", "vilfo", "vivotek", "vizio", "vlc", "vlc_telnet", "voicerss", "volkszaehler", "volumio", "volvooncall", "vulcan", "vultr", "w800rf32", "wake_on_lan", "wallbox", "waqi", "water_heater", "waterfurnace", "watson_iot", "watson_tts", "watttime", "waze_travel_time", "weather", "webhook", "webostv", "websocket_api", "wemo", "whirlpool", "whois", "wiffi", "wilight", "wirelesstag", "withings", "wiz", "wled", "wolflink", "workday", "worldclock", "worldtidesinfo", "worxlandroid", "ws66i", "wsdot", "x10", "xbox", "xbox_live", "xeoma", "xiaomi", "xiaomi_aqara", "xiaomi_ble", "xiaomi_miio", "xiaomi_tv", "xmpp", "xs1", "yale_smart_alarm", "yalexs_ble", "yamaha", "yamaha_musiccast", "yandex_transport", "yandextts", "yeelight", "yeelightsunflower", "yi", "yolink", "youless", "zabbix", "zamg", "zengge", "zeroconf", "zerproc", "zestimate", "zha", "zhong_hong", "ziggo_mediabox_xl", "zodiac", "zone", "zoneminder", "zwave_js", "zwave_me")
Default:
[ "default_config" "met" "esphome" ]
Example:
[ "analytics" "default_config" "esphome" "my" "shopping_list" "wled" ]
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.extraPackagesList of packages to add to propagatedBuildInputs.
A popular example is python3Packages.psycopg2
for PostgreSQL support in the recorder component.
Type: function that evaluates to a(n) list of package
Default:
python3Packages: with python3Packages; [];
Example:
python3Packages: with python3Packages; [ # postgresql support psycopg2 ];
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.lovelaceConfigYour ui-lovelace.yaml as a Nix attribute set.
Setting this option will automatically set lovelace.mode to yaml.
Beware that setting this option will delete your previous ui-lovelace.yaml
Type: null or YAML value
Default: null
Example:
{
title = "My Awesome Home";
views = [ {
title = "Example";
cards = [ {
type = "markdown";
title = "Lovelace";
content = "Welcome to your **Lovelace UI**.";
} ];
} ];
}
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.lovelaceConfigWritableWhether to make ui-lovelace.yaml writable.
This will allow you to edit it from Home Assistant's web interface.
This only has an effect if lovelaceConfig is set.
However, bear in mind that it will be overwritten at every start of the service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.home-assistant.openFirewallWhether to open the firewall for the specified port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/home-automation/home-assistant.nix>
|
services.hoogle.enableWhether to enable Haskell documentation server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/development/hoogle.nix>
|
services.hoogle.packagesThe Haskell packages to generate documentation for.
The option value is a function that takes the package set specified in
the haskellPackages option as its sole parameter and
returns a list of packages.
Type: function that evaluates to a(n) list of package
Default: hp: []
Example: hp: with hp; [ text lens ]
Declared by:
<nixpkgs/nixos/modules/services/development/hoogle.nix>
|
services.hoogle.haskellPackagesWhich haskell package set to use.
Type: attribute set
Default: pkgs.haskellPackages
Declared by:
<nixpkgs/nixos/modules/services/development/hoogle.nix>
|
services.hoogle.homeUrl for hoogle logo
Type: string
Default: "https://hoogle.haskell.org"
Declared by:
<nixpkgs/nixos/modules/services/development/hoogle.nix>
|
services.hoogle.hostSet the host to bind on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/development/hoogle.nix>
|
services.hoogle.portPort number Hoogle will be listening to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/development/hoogle.nix>
|
services.hostapd.enableEnable putting a wireless interface into infrastructure mode,
allowing other wireless devices to associate with the wireless
interface and do wireless networking. A simple access point will
enable hostapd.wpa,
hostapd.wpaPassphrase, and
hostapd.ssid, as well as DHCP on the wireless
interface to provide IP addresses to the associated stations, and
NAT (from the wireless interface to an upstream interface).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.channelChannel number (IEEE 802.11) Please note that some drivers do not use this value from hostapd and the channel will need to be configured separately with iwconfig.
Type: signed integer
Default: 7
Example: 11
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.countryCodeCountry code (ISO/IEC 3166-1). Used to set regulatory domain. Set as needed to indicate country in which device is operating. This can limit available channels and transmit power. These two octets are used as the first two octets of the Country String (dot11CountryString). If set this enables IEEE 802.11d. This advertises the countryCode and the set of allowed channels and transmit power levels based on the regulatory limits.
Type: null or string
Default: null
Example: "US"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.driverWhich driver hostapd will use. Most applications will probably use the default.
Type: string
Default: "nl80211"
Example: "hostapd"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.extraConfigExtra configuration options to put in hostapd.conf.
Type: strings concatenated with "\n"
Default: ""
Example:
'' auth_algo=0 ieee80211n=1 ht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40] ''
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.groupMembers of this group can control hostapd.
Type: string
Default: "wheel"
Example: "network"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.hwModeOperation mode. (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g).
Type: one of "a", "b", "g"
Default: "g"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.interfaceThe interfaces hostapd will use.
Type: string
Default: ""
Example: "wlp2s0"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.logLevelLevels (minimum value for logged events): 0 = verbose debugging 1 = debugging 2 = informational messages 3 = notification 4 = warning
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.noScanDo not scan for overlapping BSSs in HT40+/- mode. Caution: turning this on will violate regulatory requirements!
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.ssidSSID to be used in IEEE 802.11 management frames.
Type: string
Default: "nixos"
Example: "mySpecialSSID"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.wpaEnable WPA (IEEE 802.11i/D3.0) to authenticate with the access point.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hostapd.wpaPassphraseWPA-PSK (pre-shared-key) passphrase. Clients will need this passphrase to associate with this access point. Warning: This passphrase will get put into a world-readable file in the Nix store!
Type: string
Default: "my_sekret"
Example: "any_64_char_string"
Declared by:
<nixpkgs/nixos/modules/services/networking/hostapd.nix>
|
services.hound.enableWhether to enable the hound code search daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
|
services.hound.packagePackage for running hound.
Type: package
Default: pkgs.hound
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
|
services.hound.configThe full configuration of the Hound daemon. Note the dbpath should be an absolute path to a writable location on disk.
Type: string
Example:
''
{
"max-concurrent-indexers" : 2,
"dbpath" : "${services.hound.home}/data",
"repos" : {
"nixpkgs": {
"url" : "https://www.github.com/NixOS/nixpkgs.git"
}
}
}
''
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
|
services.hound.extraGroupsList of extra groups that the "hound" user should be a part of.
Type: list of string
Default: [ ]
Example:
[ "dialout" ]
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
|
services.hound.groupGroup the hound daemon should execute under.
Type: string
Default: "hound"
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
|
services.hound.homeThe path to use as hound's $HOME. If the default user "hound" is configured then this is the home of the "hound" user.
Type: path
Default: "/var/lib/hound"
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
|
services.hound.listenListen on this IP:port / :port
Type: string
Default: "0.0.0.0:6080"
Example: "127.0.0.1:6080 or just :6080"
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
|
services.hound.userUser the hound daemon should execute under.
Type: string
Default: "hound"
Declared by:
<nixpkgs/nixos/modules/services/search/hound.nix>
|
services.hqplayerd.enableWhether to enable HQPlayer Embedded.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/hqplayerd.nix>
|
services.hqplayerd.auth.passwordPassword used for HQPlayer's WebUI.
Without this you will need to manually create the credentials after first start by going to http://your.ip/8088/auth
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/audio/hqplayerd.nix>
|
services.hqplayerd.auth.usernameUsername used for HQPlayer's WebUI.
Without this you will need to manually create the credentials after first start by going to http://your.ip/8088/auth
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/audio/hqplayerd.nix>
|
services.hqplayerd.configHQplayer daemon configuration, written to /etc/hqplayer/hqplayerd.xml.
Refer to share/doc/hqplayerd/readme.txt in the hqplayerd derivation for possible values.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/audio/hqplayerd.nix>
|
services.hqplayerd.licenseFilePath to the HQPlayer license key file.
Without this, the service will run in trial mode and restart every 30 minutes.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/audio/hqplayerd.nix>
|
services.hqplayerd.openFirewallOpens ports needed for the WebUI and controller API.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/hqplayerd.nix>
|
services.htpdate.enableEnable htpdate daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/htpdate.nix>
|
services.htpdate.extraOptionsAdditional command line arguments to pass to htpdate.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/htpdate.nix>
|
services.htpdate.proxyHTTP proxy used for requests.
Type: string
Default: ""
Example: "127.0.0.1:8118"
Declared by:
<nixpkgs/nixos/modules/services/networking/htpdate.nix>
|
services.htpdate.serversHTTP servers to use for time synchronization.
Type: list of string
Default:
[ "www.google.com" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/htpdate.nix>
|
services.httpd.enableWhether to enable the Apache HTTP Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.enableMellonWhether to enable the mod_auth_mellon module.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.enablePHPWhether to enable the PHP module.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.enablePerlWhether to enable the Perl module (mod_perl).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.packageOverridable attribute of the Apache HTTP Server package to use.
Type: package
Default: pkgs.apacheHttpd
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.adminAddrE-mail address of the server administrator.
Type: null or string
Default: null
Example: "admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.configFileOverride the configuration file used by Apache. By default, NixOS generates one automatically.
Type: path
Default: confFile
Example: pkgs.writeText "httpd.conf" "# my custom config file ..."
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.extraConfigConfiguration lines appended to the generated Apache
configuration file. Note that this mechanism will not work
when configFile is overridden.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.extraModulesAdditional Apache modules to be used. These can be
specified as a string in the case of modules distributed
with Apache, or as an attribute set specifying the
name and path of the
module.
Type: list of unspecified value
Default: [ ]
Example:
[
"proxy_connect"
{ name = "jk"; path = "${pkgs.tomcat_connectors}/modules/mod_jk.so"; }
]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.groupGroup under which httpd children processes run.
Type: string
Default: "wwwrun"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.logDirDirectory for Apache's log files. It is created automatically.
Type: path
Default: "/var/log/httpd"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.logFormatLog format for log files. Possible values are: combined, common, referer, agent, none. See https://httpd.apache.org/docs/2.4/logs.html for more details.
Type: string
Default: "common"
Example: "combined"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.logPerVirtualHostIf enabled, each virtual host gets its own
access.log and
error.log, namely suffixed by the
hostName of the virtual host.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.maxClientsMaximum number of httpd processes (prefork)
Type: signed integer
Default: 150
Example: 8
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.maxRequestsPerChildMaximum number of httpd requests answered per httpd child (prefork), 0 means unlimited.
Type: signed integer
Default: 0
Example: 500
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.mpmMulti-processing module to be used by Apache. Available
modules are prefork (handles each
request in a separate child process), worker
(hybrid approach that starts a number of child processes
each running a number of threads) and event
(the default; a recent variant of worker
that handles persistent connections more efficiently).
Type: one of "event", "prefork", "worker"
Default: "event"
Example: "worker"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.phpOptionsOptions appended to the PHP configuration file php.ini.
Type: strings concatenated with "\n"
Default: ""
Example:
'' date.timezone = "CET" ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.phpPackageOverridable attribute of the PHP package to use.
Type: package
Default: pkgs.php
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.sslCiphersCipher Suite available for negotiation in SSL proxy handshake.
Type: string
Default: "HIGH:!aNULL:!MD5:!EXP"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.sslProtocolsAllowed SSL/TLS protocol versions.
Type: string
Default: "All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"
Example: "All -SSLv2 -SSLv3"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.userUser account under which httpd children processes run.
If you require the main httpd process to run as
root add the following configuration:
systemd.services.httpd.serviceConfig.User = lib.mkForce "root";
Type: string
Default: "wwwrun"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHostsSpecification of the virtual hosts served by Apache. Each element should be an attribute set specifying the configuration of the virtual host.
Type: attribute set of (submodule)
Default:
{
localhost = {
documentRoot = "${package.out}/htdocs";
};
}
Example:
{
"foo.example.com" = {
forceSSL = true;
documentRoot = "/var/www/foo.example.com"
};
"bar.example.com" = {
addSSL = true;
documentRoot = "/var/www/bar.example.com";
};
}
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.enableACMEWhether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.enableUserDirWhether to enable serving ~/public_html as
/~«username».
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.acmeRootDirectory for the acme challenge which is PUBLIC, don't put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.addSSLWhether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.adminAddrE-mail address of the server administrator.
Type: null or string
Default: null
Example: "admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.documentRootThe path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.extraConfigThese lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Type: strings concatenated with "\n"
Default: ""
Example:
''
<Directory /home>
Options FollowSymlinks
AllowOverride All
</Directory>
''Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.forceSSLWhether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.globalRedirectIf set, all requests for this host are redirected permanently to the given URL.
Type: null or string
Default: null
Example: "http://newserver.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.hostNameCanonical hostname for the server.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.http2Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. However, if you use the prefork mpm, there will be severe restrictions. Refer to https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.listenListen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL.
If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of (submodule)
Default: [ ]
Example:
[
{
ip = "195.154.1.1";
port = 443;
ssl = true;
}
{
ip = "192.154.1.1";
port = 80;
}
{
ip = "*";
port = 8080;
}
]Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.listen.*.ipIP to listen on. 0.0.0.0 for IPv4 only, * for all.
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.listen.*.portPort to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.listen.*.sslWhether to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.listenAddressesListen addresses for this virtual host.
Compared to listen this only sets the addresses
and the ports are chosen automatically.
Type: non-empty (list of string)
Default:
[ "*" ]
Example:
[ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.locationsDeclarative location config. See https://httpd.apache.org/docs/2.4/mod/core.html#location for details.
Type: attribute set of (submodule)
Default: { }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
"/foo/bar.png" = {
alias = "/home/eelco/some-file.png";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.locations.<name>.aliasAlias directory for requests. See https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.locations.<name>.extraConfigThese lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.locations.<name>.indexAdds DirectoryIndex directive. See https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.locations.<name>.priorityOrder of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have
a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.locations.<name>.proxyPassSets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.logFormatLog format for Apache's log files. Possible values are: combined, common, referer, agent.
Type: string
Default: "common"
Example: "combined"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.onlySSLWhether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.robotsEntriesSpecification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.
Type: strings concatenated with "\n"
Default: ""
Example: "Disallow: /foo/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.servedDirsThis option provides a simple way to serve static directories.
Type: list of (attribute set)
Default: [ ]
Example:
[
{
dir = "/home/eelco/Dev/nix-homepage";
urlPath = "/nix";
}
]Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.servedFilesThis option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS. You can achieve the same result by making use of
the locations.<name>.alias option.
Type: list of (attribute set)
Default: [ ]
Example:
[
{
file = "/home/eelco/some-file.png";
urlPath = "/foo/bar.png";
}
]Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default: [ ]
Example:
[ "www.example.org" "www.example.org:8080" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.sslServerCertPath to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.sslServerChainPath to server SSL chain file.
Type: null or path
Default: null
Example: "/var/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.sslServerKeyPath to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.httpd.virtualHosts.<name>.useACMEHostA host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix>
|
services.https-dns-proxy.enableWhether to enable https-dns-proxy daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/https-dns-proxy.nix>
|
services.https-dns-proxy.addressThe address on which to listen
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/https-dns-proxy.nix>
|
services.https-dns-proxy.extraArgsAdditional arguments to pass to the process.
Type: list of string
Default:
[ "-v" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/https-dns-proxy.nix>
|
services.https-dns-proxy.portThe port on which to listen
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5053
Declared by:
<nixpkgs/nixos/modules/services/networking/https-dns-proxy.nix>
|
services.https-dns-proxy.preferIPv4https_dns_proxy will by default use IPv6 and fail if it is not available. To play it safe, we choose IPv4.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/https-dns-proxy.nix>
|
services.https-dns-proxy.provider.ipsThe custom provider IPs
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/networking/https-dns-proxy.nix>
|
services.https-dns-proxy.provider.kindThe upstream provider to use or custom in case you do not trust any of the predefined providers or just want to use your own.
The default is quad9 and there are privacy and security trade-offs when using any upstream provider. Please consider that before using any of them.
Supported providers: cloudflare, custom, google, opendns, quad9
If you pick the custom provider, you will need to provide the bootstrap IP addresses as well as the resolver https URL.
Type: one of "cloudflare", "custom", "google", "opendns", "quad9"
Default: "quad9"
Declared by:
<nixpkgs/nixos/modules/services/networking/https-dns-proxy.nix>
|
services.https-dns-proxy.provider.urlThe custom provider URL
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/https-dns-proxy.nix>
|
services.hydra.enableWhether to run Hydra services.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.packageThe Hydra package.
Type: package
Default: pkgs.hydra_unstable
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.buildMachinesFilesList of files containing build machines.
Type: list of path
Default: optional (config.nix.buildMachines != []) "/etc/nix/machines"
Example:
[ "/etc/nix/machines" "/var/lib/hydra/provisioner/machines" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.dbiThe DBI string for Hydra database connection.
NOTE: Attempts to set application_name will be overridden by
hydra-TYPE (where TYPE is e.g. evaluator, queue-runner,
etc.) in all hydra services to more easily distinguish where
queries are coming from.
Type: string
Default: "dbi:Pg:dbname=hydra;user=hydra;"
Example: "dbi:Pg:dbname=hydra;host=postgres.example.org;user=foo;"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.debugServerWhether to run the server in debug mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.extraConfigExtra lines for the Hydra configuration.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.extraEnvExtra environment variables for Hydra.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.gcRootsDirDirectory that holds Hydra garbage collector roots.
Type: path
Default: "/nix/var/nix/gcroots/hydra"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.hydraURLThe base URL for the Hydra webserver instance. Used for links in emails.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.listenHostThe hostname or address to listen on or * to listen
on all interfaces.
Type: string
Default: "*"
Example: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.logoPath to a file containing the logo of your Hydra instance.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.minimumDiskFreeThreshold of minimum disk space (GiB) to determine if the queue runner should run or not.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.minimumDiskFreeEvaluatorThreshold of minimum disk space (GiB) to determine if the evaluator should run or not.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.notificationSenderSender email address used for email notifications.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.portTCP port the web server should listen to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.smtpHostHostname of the SMTP server to use to send email.
Type: null or string
Default: null
Example: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.trackerPiece of HTML that is included on all pages.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydra.useSubstitutesWhether to use binary caches for downloading store paths. Note that binary substitutions trigger (a potentially large number of) additional HTTP requests that slow down the queue monitor thread significantly. Also, this Hydra instance will serve those downloaded store paths to its users with its own signature attached as if it had built them itself, so don't enable this feature unless your active binary caches are absolute trustworthy.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/hydra/default.nix>
|
services.hydron.enableWhether to enable hydron.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.dataDirLocation where hydron runs and stores data.
Type: path
Default: "/var/lib/hydron"
Example: "/home/okina/hydron"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.fetchTagsFetch tags for imported images and webm from gelbooru.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.importPathsPaths that hydron will recursively import.
Type: list of path
Default: [ ]
Example:
[ "/home/okina/Pictures" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.intervalHow often we run hydron import and possibly fetch tags. Runs by default every week.
The format is described in systemd.time(7).
Type: string
Default: "weekly"
Example: "06:00"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.listenAddressListen on a specific IP address and port.
Type: null or string
Default: null
Example: "127.0.0.1:8010"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.passwordPassword for the hydron database.
Type: string
Default: "hydron"
Example: "dumbpass"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.passwordFilePassword file for the hydron database.
Type: path
Default: "/run/keys/hydron-password-file"
Example: "/home/okina/hydron/keys/pass"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.postgresArgsPostgresql connection arguments.
Type: string
Example:
''
{
"driver": "postgres",
"connection": "user=hydron password=dumbpass dbname=hydron sslmode=disable"
}
''Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hydron.postgresArgsFilePostgresql connection arguments file.
Type: path
Default: "/run/keys/hydron-postgres-args"
Example: "/home/okina/hydron/keys/postgres"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/hydron.nix>
|
services.hylafax.enableWhether to enable HylaFAX server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.areaCodeArea code for server and all modems.
Type: null or non-empty string
Default: null
Example: "30"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.autostartAutostart the HylaFAX queue manager at system start.
If this is false, the queue manager
will still be started if there are pending
jobs or if a user tries to connect to it.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.commonModemConfigAttribute set of default values for
modem config files etc/config.*.
Values can be either strings or integers
(which will be added to the config file verbatimly)
or lists thereof
(which will be translated to multiple
lines with the same configuration key).
Boolean values are translated to "Yes" or "No".
The default contains some reasonable
configuration to yield an operational system.
Think twice before changing paths of fax-processing scripts.
Type: attribute set of ((list of ((string or signed integer convertible to it) or boolean convertible to it)) or ((string or signed integer convertible to it) or boolean convertible to it) convertible to it)
Example:
{
InternationalPrefix = "00";
LongDistancePrefix = "0";
}Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.countryCodeCountry code for server and all modems.
Type: null or non-empty string
Default: null
Example: "49"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxcron.enable.frequencyPurge old files from the spooling area with
faxcron with the given frequency
(see systemd.time(7)).
Type: null or non-empty string
Default: null
Example: "daily"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxcron.enable.spoolInitWhether to enable Purge old files from the spooling area with
faxcron
each time the spooling area is initialized.
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxcron.infoDaysSet the expiration time for data in the remote machine information directory in days.
Type: positive integer, meaning >0
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxcron.logDaysSet the expiration time for session trace log files in days.
Type: positive integer, meaning >0
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxcron.rcvDaysSet the expiration time for files in the received facsimile queue in days.
Type: positive integer, meaning >0
Default: 7
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxqConfigAttribute set of lines for the global
faxq config file etc/config.
Values can be either strings or integers
(which will be added to the config file verbatimly)
or lists thereof
(which will be translated to multiple
lines with the same configuration key).
Boolean values are translated to "Yes" or "No".
The default contains some reasonable
configuration to yield an operational system.
Type: attribute set of ((list of ((string or signed integer convertible to it) or boolean convertible to it)) or ((string or signed integer convertible to it) or boolean convertible to it) convertible to it)
Example:
{
InternationalPrefix = "00";
LongDistancePrefix = "0";
}Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxqclean.enable.frequencyPurge old files from the spooling area with
faxcron with the given frequency
(see systemd.time(7)).
Type: null or non-empty string
Default: null
Example: "daily"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxqclean.enable.spoolInitWhether to enable Purge old files from the spooling area with
faxqclean
each time the spooling area is initialized.
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxqclean.archivingEnable or suppress job archiving:
never disables job archiving,
as-flagged archives jobs that
have been flagged for archiving by sendfax,
always forces archiving of all jobs.
See also sendfax(1) and faxqclean(8).
Type: one of "never", "as-flagged", "always"
Default: "as-flagged"
Example: "always"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxqclean.docqMinutesSet the document age threshold (in minutes) that controls how long unreferenced files may reside in the docq directory.
Type: positive integer, meaning >0
Default: 60
Example: 24*60
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.faxqclean.doneqMinutesSet the job age threshold (in minutes) that controls how long jobs may reside in the doneq directory.
Type: positive integer, meaning >0
Default: 15
Example: 24*60
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.hfaxdConfigAttribute set of lines for the global
hfaxd config file etc/hfaxd.conf.
Values can be either strings or integers
(which will be added to the config file verbatimly)
or lists thereof
(which will be translated to multiple
lines with the same configuration key).
Boolean values are translated to "Yes" or "No".
The default contains some reasonable
configuration to yield an operational system.
Type: attribute set of ((list of ((string or signed integer convertible to it) or boolean convertible to it)) or ((string or signed integer convertible to it) or boolean convertible to it) convertible to it)
Example:
{
RecvqProtection = "0400";
}Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.internationalPrefixInternational prefix for server and all modems.
Type: null or string
Default: null
Example: "00"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.longDistancePrefixLong distance prefix for server and all modems.
Type: null or string
Default: null
Example: "0"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.modemsDescription of installed modems. At least on modem must be defined to enable the HylaFAX server.
Type: attribute set of (submodule)
Default: { }
Example:
{
ttyS1 = {
config = {
FAXNumber = "123456";
LocalIdentifier = "Smith";
};
type = "cirrus";
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.modems.<name>.configAttribute set of values for the given modem. Values can be either strings or integers (which will be added to the config file verbatimly) or lists thereof (which will be translated to multiple lines with the same configuration key). Boolean values are translated to "Yes" or "No". The default contains some reasonable configuration to yield an operational system.
Options defined here override options in
commonModemConfig for this modem.
Type: attribute set of ((list of ((string or signed integer convertible to it) or boolean convertible to it)) or ((string or signed integer convertible to it) or boolean convertible to it) convertible to it)
Example:
{
AreaCode = "49";
FAXNumber = "123456";
LocalCode = "30";
LocalIdentifier = "LostInBerlin";
}Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.modems.<name>.nameName of modem device,
will be searched for in /dev.
Type: non-empty string
Example: "ttyS1"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.modems.<name>.typeName of modem configuration file,
will be searched for in config
in the spooling area directory.
Type: non-empty string
Example: "cirrus"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.sendmailPathPath to sendmail program.
The default uses the local sendmail wrapper
(see config.services.mail.sendmailSetuidWrapper),
otherwise the false
binary to cause an error if used.
Type: path
Example: "${pkgs.postfix}/bin/sendmail"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.spoolAreaPathThe spooling area will be created/maintained at the location given here.
Type: path
Default: "/var/spool/fax"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.spoolExtraInitAdditional shell code that is executed within the spooling area directory right after its setup.
Type: strings concatenated with "\n"
Default: ""
Example: "chmod 0755 . # everyone may read my faxes"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.hylafax.userAccessFileThe hosts.hfaxd
file entry in the spooling area
will be symlinked to the location given here.
This file must exist and be
readable only by the uucp user.
See hosts.hfaxd(5) for details.
This configuration permits access for all users:
environment.etc."hosts.hfaxd" = {
mode = "0600";
user = "uucp";
text = ".*";
};
Note that host-based access can be controlled with
config.systemd.sockets.hylafax-hfaxd.listenStreams;
by default, only 127.0.0.1 is permitted to connect.
Type: path
Default: "/etc/hosts.hfaxd"
Declared by:
<nixpkgs/nixos/modules/services/networking/hylafax/options.nix>
|
services.i2p.enableWhether to enable I2P router.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2p.nix>
|
services.i2pd.enableEnables I2Pd as a running service upon activation. Please read http://i2pd.readthedocs.io/en/latest/ for further configuration help.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.enableIPv4Whether to enable IPv4 connectivity.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.enableIPv6Whether to enable IPv6 connectivity.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.packagei2pd package to use.
Type: package
Default: pkgs.i2pd
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.addressYour external IP or hostname.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.addressbook.defaulturlAddressBook subscription URL for initial setup
Type: string
Default: "http://joajgazyztfssty4w2on5oaqksz6tqoxbduy553y34mf4byv6gpq.b32.i2p/export/alive-hosts.txt"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.addressbook.subscriptionsAddressBook subscription URLs
Type: list of string
Default:
[ "http://inr.i2p/export/alive-hosts.txt" "http://i2p-projekt.i2p/hosts.txt" "http://stats.i2p/cgi-bin/newhosts.txt" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.bandwidthSet a router bandwidth limit integer in KBps. If not set, i2pd defaults to 32KBps.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.dataDirAlternative path to storage of i2pd data (RI, keys, peer profiles, ...)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.exploratory.inbound.lengthGuaranteed minimum hops for exploratory tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.exploratory.inbound.quantityNumber of simultaneous exploratory tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.exploratory.outbound.lengthGuaranteed minimum hops for exploratory tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.exploratory.outbound.quantityNumber of simultaneous exploratory tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.familySpecify a family the router belongs to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.floodfillIf the router is declared to be unreachable and needs introduction nodes.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ifnameNetwork interface to bind to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ifname4IPv4 interface to bind to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ifname6IPv6 interface to bind to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnelsServe something on I2P network at port and delegate requests to address inPort.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name>.enableWhether to enable ‹name›.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name>.accessListI2P nodes that are allowed to connect to this service.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name>.addressBind address for ‹name› endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name>.crypto.tagsToSendNumber of ElGamal/AES tags to send.
Type: signed integer
Default: 40
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name>.destinationRemote endpoint, I2P hostname or b32.i2p address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name>.inPortService port. Default to the tunnel's listen port.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name>.inbound.lengthGuaranteed minimum hops for ‹name› tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name>.inbound.quantityNumber of simultaneous ‹name› tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name>.keysKeyset used for tunnel identity.
Type: string
Default: "‹name›-keys.dat"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name>.nameThe endpoint name.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name>.outbound.lengthGuaranteed minimum hops for ‹name› tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name>.outbound.quantityNumber of simultaneous ‹name› tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.inTunnels.<name>.portBind port for ‹name› endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.limits.coreSizeMaximum size of corefile in Kb (0 - use system limit).
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.limits.ntcpHardMaximum number of active transit sessions.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.limits.ntcpSoftThreshold to start probabalistic backoff with ntcp sessions (default: use system limit).
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.limits.ntcpThreadsMaximum number of threads used by NTCP DH worker.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.limits.openFilesMaximum number of open files (0 - use system default).
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.limits.transittunnelsMaximum number of active transit sessions.
Type: signed integer
Default: 2500
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.logCLFTimeWhether to enable Full CLF-formatted date and time to log.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.logLevelThe log level. i2pd defaults to "info" but that generates copious amounts of log messages.
We default to "error" which is similar to the default log level of tor.
Type: one of "debug", "info", "warn", "error"
Default: "error"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.natWhether to enable NAT bypass.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.netidI2P overlay netid.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.notransitTells the router to not accept transit tunnels during startup.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ntcpWhether to enable ntcp.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ntcp2.enableWhether to enable NTCP2.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ntcp2.portPort to listen for incoming NTCP2 connections (0=auto).
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ntcp2.publishedWhether to enable NTCP2 publication.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ntcpProxyProxy URL for NTCP transport.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnelsConnect to someone as a client and establish a local accept endpoint
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name>.enableWhether to enable ‹name›.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name>.addressBind address for ‹name› endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name>.crypto.tagsToSendNumber of ElGamal/AES tags to send.
Type: signed integer
Default: 40
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name>.destinationRemote endpoint, I2P hostname or b32.i2p address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name>.destinationPortConnect to particular port at destination.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name>.inbound.lengthGuaranteed minimum hops for ‹name› tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name>.inbound.quantityNumber of simultaneous ‹name› tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name>.keysKeyset used for tunnel identity.
Type: string
Default: "‹name›-keys.dat"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name>.nameThe endpoint name.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name>.outbound.lengthGuaranteed minimum hops for ‹name› tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name>.outbound.quantityNumber of simultaneous ‹name› tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.outTunnels.<name>.portBind port for ‹name› endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.portI2P listen port. If no one is given the router will pick between 9111 and 30777.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.precomputation.elgamalWhenever to use precomputated tables for ElGamal.
i2pd defaults to false
to save 64M of memory (and looses some performance).
We default to true as that is what most
users want anyway.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.bob.enableWhether to enable bob.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.bob.addressBind address for bob endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.bob.nameThe endpoint name.
Type: string
Default: "bob"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.bob.portBind port for bob endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2827
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.enableWhether to enable http.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.addressBind address for http endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.authWhether to enable Webconsole authentication.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.hostnameExpected hostname for WebUI.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.nameThe endpoint name.
Type: string
Default: "http"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.passPassword for webconsole access.
Type: string
Default: "i2pd"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.portBind port for http endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7070
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.strictHeadersEnable strict host checking on WebUI.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.http.userUsername for webconsole access
Type: string
Default: "i2pd"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.enableWhether to enable httpproxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.addressBind address for httpproxy endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.inbound.lengthGuaranteed minimum hops for httpproxy tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.inbound.quantityNumber of simultaneous httpproxy tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.keysFile to persist HTTPPROXY keys.
Type: null or string
Default: "httpproxy-keys.dat"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.latency.maxMax latency for tunnels.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.latency.minMin latency for tunnels.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.nameThe endpoint name.
Type: string
Default: "httpproxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.outbound.lengthGuaranteed minimum hops for httpproxy tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.outbound.quantityNumber of simultaneous httpproxy tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.outproxyUpstream outproxy bind address.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.httpProxy.portBind port for httpproxy endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4444
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.i2cp.enableWhether to enable i2cp.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.i2cp.addressBind address for i2cp endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.i2cp.nameThe endpoint name.
Type: string
Default: "i2cp"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.i2cp.portBind port for i2cp endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7654
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.i2pControl.enableWhether to enable i2pcontrol.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.i2pControl.addressBind address for i2pcontrol endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.i2pControl.nameThe endpoint name.
Type: string
Default: "i2pcontrol"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.i2pControl.portBind port for i2pcontrol endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7650
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.sam.enableWhether to enable sam.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.sam.addressBind address for sam endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.sam.nameThe endpoint name.
Type: string
Default: "sam"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.sam.portBind port for sam endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7656
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.enableWhether to enable socksproxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.addressBind address for socksproxy endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.inbound.lengthGuaranteed minimum hops for socksproxy tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.inbound.quantityNumber of simultaneous socksproxy tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.keysFile to persist SOCKSPROXY keys.
Type: null or string
Default: "socksproxy-keys.dat"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.latency.maxMax latency for tunnels.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.latency.minMin latency for tunnels.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.nameThe endpoint name.
Type: string
Default: "socksproxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.outbound.lengthGuaranteed minimum hops for socksproxy tunnels.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.outbound.quantityNumber of simultaneous socksproxy tunnels.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.outproxyUpstream outproxy bind address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.outproxyEnableWhether to enable SOCKS outproxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.outproxyPortUpstream outproxy bind port.
Type: signed integer
Default: 4444
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.proto.socksProxy.portBind port for socksproxy endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4447
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.reseed.fileFull path to SU3 file to reseed from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.reseed.floodfillPath to router info of floodfill to reseed from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.reseed.proxyURL for reseed proxy, supports http/socks.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.reseed.urlsReseed URLs.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.reseed.verifyWhether to enable SU3 signature verification.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.reseed.zipfilePath to local .zip file to reseed from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.shareLimit of transit traffic from max bandwidth in percents.
Type: signed integer
Default: 100
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.ssuWhether to enable ssu.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.trust.enableWhether to enable Explicit trust options.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.trust.familyRouter Family to trust for first hops.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.trust.hiddenWhether to enable Router concealment.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.trust.routersOnly connect to the listed routers.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.upnp.enableWhether to enable UPnP service discovery.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.upnp.nameName i2pd appears in UPnP forwardings list.
Type: string
Default: "I2Pd"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.websocket.enableWhether to enable websockets.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.websocket.addressBind address for websockets endpoint.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.websocket.nameThe endpoint name.
Type: string
Default: "websockets"
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.websocket.portBind port for websockets endpoint.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7666
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.yggdrasil.enableWhether to enable Yggdrasil.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.i2pd.yggdrasil.addressYour local yggdrasil address. Specify it if you want to bind your router to a particular address.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/i2pd.nix>
|
services.icecast.enableWhether to enable Icecast server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.admin.passwordPassword used for all administration functions.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.admin.userUsername used for all administration functions.
Type: string
Default: "admin"
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.extraConficecast.xml content.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.groupGroup privileges for the server.
Type: string
Default: "nogroup"
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.hostnameDNS name or IP address that will be used for the stream directory lookups or possibly the playlist generation if a Host header is not provided.
Type: null or string
Default: config.networking.domain
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.listen.addressAddress Icecast will listen on.
Type: string
Default: "::"
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.listen.portTCP port that will be used to accept client connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8000
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.logDirBase directory used for logging.
Type: path
Default: "/var/log/icecast"
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecast.userUser privileges for the server.
Type: string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/audio/icecast.nix>
|
services.icecream.daemon.enableWhether to enable Icecream Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
|
services.icecream.daemon.packageIcecream package to use.
Type: package
Default: pkgs.icecream
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
|
services.icecream.daemon.cacheLimitMaximum size in Megabytes of cache used to store compile environments of compile clients.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 256
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
|
services.icecream.daemon.extraArgsAdditional command line parameters.
Type: list of string
Default: [ ]
Example:
[ "-v" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
|
services.icecream.daemon.hostnameHostname of the daemon in the icecream infrastructure.
Uses the hostname retrieved via uname if set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
|
services.icecream.daemon.maxProcessesMaximum number of compile jobs started in parallel for this daemon.
Uses the number of CPUs if set to null.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
|
services.icecream.daemon.netNameNetwork name to connect to. A scheduler with the same name needs to be running.
Type: string
Default: "ICECREAM"
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
|
services.icecream.daemon.niceThe level of niceness to use.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
|
services.icecream.daemon.noRemotePrevent jobs from other nodes being scheduled on this daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
|
services.icecream.daemon.openBroadcastWhether to automatically open the firewall for scheduler discovery.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
|
services.icecream.daemon.openFirewallWhether to automatically open receive port in the firewall.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
|
services.icecream.daemon.schedulerHostExplicit scheduler hostname, useful in firewalled environments.
Uses scheduler autodiscovery via broadcast if set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
|
services.icecream.daemon.userUser to run the icecream daemon as. Set to root to enable receive of remote compile environments.
Type: string
Default: "icecc"
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/daemon.nix>
|
services.icecream.scheduler.enableWhether to enable Icecream Scheduler.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix>
|
services.icecream.scheduler.packageIcecream package to use.
Type: package
Default: pkgs.icecream
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix>
|
services.icecream.scheduler.extraArgsAdditional command line parameters
Type: list of string
Default: [ ]
Example:
[ "-v" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix>
|
services.icecream.scheduler.netNameNetwork name for the icecream scheduler.
Uses the default ICECREAM if null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix>
|
services.icecream.scheduler.openFirewallWhether to automatically open the daemon port in the firewall.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix>
|
services.icecream.scheduler.openTelnetWhether to open the telnet TCP port on 8766.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix>
|
services.icecream.scheduler.persistentClientConnectionWhether to prevent clients from connecting to a better scheduler.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix>
|
services.icecream.scheduler.portServer port to listen for icecream daemon requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8765
Declared by:
<nixpkgs/nixos/modules/services/networking/icecream/scheduler.nix>
|
services.icingaweb2.enableWhether to enable the icingaweb2 web interface.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
|
services.icingaweb2.authenticationsauthentication.ini contents. Will automatically be converted to a .ini file.
If the value is null, no authentication.ini is created and you can modify it manually (e.g. via the web interface).
Type: null or (attribute set)
Default: null
Example:
{
icingaweb = {
backend = "db";
resource = "icingaweb_db";
};
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
|
services.icingaweb2.generalConfigconfig.ini contents. Will automatically be converted to a .ini file. If you don't set global.module_path, the module will take care of it.
If the value is null, no config.ini is created and you can modify it manually (e.g. via the web interface). Note that you need to update module_path manually.
Type: null or (attribute set)
Default: null
Example:
{
general = {
config_resource = "icingaweb_db";
showStacktraces = 1;
};
logging = {
level = "CRITICAL";
log = "syslog";
};
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
|
services.icingaweb2.groupBackendsgroups.ini contents. Will automatically be converted to a .ini file.
If the value is null, no groups.ini is created and you can modify it manually (e.g. via the web interface).
Type: null or (attribute set)
Default: null
Example:
{
icingaweb = {
backend = "db";
resource = "icingaweb_db";
};
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
|
services.icingaweb2.libraryPathsLibraries to add to the Icingaweb2 library path. The name of the attribute is the name of the library, the value is the package to add.
Type: attribute set of package
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
|
services.icingaweb2.modulePackagesName-package attrset of Icingaweb 2 modules packages to enable.
If you enable modules manually (e.g. via the web ui), they will not be touched.
Type: attribute set of package
Default: { }
Example:
{
"snow" = icingaweb2Modules.theme-snow;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
|
services.icingaweb2.modules.doc.enableWhether to enable the icingaweb2 doc module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
|
services.icingaweb2.modules.migrate.enableWhether to enable the icingaweb2 migrate module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
|
services.icingaweb2.modules.monitoring.enableWhether to enable the icingaweb2 monitoring module.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
|
services.icingaweb2.modules.monitoring.backendsMonitoring backends to define
Type: attribute set of (submodule)
Default:
{
icinga = {
resource = "icinga_ido";
};
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
|
services.icingaweb2.modules.monitoring.backends.<name>.disabledDisable this backend
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
|
services.icingaweb2.modules.monitoring.backends.<name>.resourceName of the IDO resource
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
|
services.icingaweb2.modules.monitoring.generalConfig.mutableMake config.ini of the monitoring module mutable (e.g. via the web interface).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
|
services.icingaweb2.modules.monitoring.generalConfig.protectedVarsList of string patterns for custom variables which should be excluded from user’s view.
Type: list of string
Default:
[ "*pw*" "*pass*" "community" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
|
services.icingaweb2.modules.monitoring.mutableBackendsMake backends.ini of the monitoring module mutable (e.g. via the web interface).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
|
services.icingaweb2.modules.monitoring.mutableTransportsMake commandtransports.ini of the monitoring module mutable (e.g. via the web interface).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
|
services.icingaweb2.modules.monitoring.transportsCommand transports to define
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
|
services.icingaweb2.modules.monitoring.transports.<name>.hostHost for the api or remote transport
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
|
services.icingaweb2.modules.monitoring.transports.<name>.instanceAssign a icinga instance to this transport
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
|
services.icingaweb2.modules.monitoring.transports.<name>.passwordPassword for the api transport
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
|
services.icingaweb2.modules.monitoring.transports.<name>.pathPath to the socket for local or remote transports
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
|
services.icingaweb2.modules.monitoring.transports.<name>.portPort to connect to for the api or remote transport
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
|
services.icingaweb2.modules.monitoring.transports.<name>.resourceSSH identity resource for the remote transport
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
|
services.icingaweb2.modules.monitoring.transports.<name>.typeType of this transport
Type: one of "api", "local", "remote"
Default: "api"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
|
services.icingaweb2.modules.monitoring.transports.<name>.usernameUsername for the api or remote transport
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/module-monitoring.nix>
|
services.icingaweb2.modules.setup.enableWhether to enable the icingaweb2 setup module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
|
services.icingaweb2.modules.test.enableWhether to enable the icingaweb2 test module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
|
services.icingaweb2.modules.translation.enableWhether to enable the icingaweb2 translation module.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
|
services.icingaweb2.poolName of existing PHP-FPM pool that is used to run Icingaweb2. If not specified, a pool will automatically created with default values.
Type: string
Default: "icingaweb2"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
|
services.icingaweb2.resourcesresources.ini contents. Will automatically be converted to a .ini file.
If the value is null, no resources.ini is created and you can modify it manually (e.g. via the web interface). Note that if you set passwords here, they will go into the nix store.
Type: null or (attribute set)
Default: null
Example:
{
icingaweb_db = {
db = "mysql";
dbname = "icingaweb2";
host = "localhost";
password = "icingaweb2";
type = "db";
username = "icingaweb2";
};
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
|
services.icingaweb2.rolesroles.ini contents. Will automatically be converted to a .ini file.
If the value is null, no roles.ini is created and you can modify it manually (e.g. via the web interface).
Type: null or (attribute set)
Default: null
Example:
{
Administrators = {
permissions = "*";
users = "admin";
};
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
|
services.icingaweb2.timezonePHP-compliant timezone specification
Type: string
Default: "UTC"
Example: "Europe/Berlin"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
|
services.icingaweb2.virtualHostName of the nginx virtualhost to use and setup. If null, no virtualhost is set up.
Type: null or string
Default: "icingaweb2"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/icingaweb2/icingaweb2.nix>
|
services.ihaskell.enableAutostart an IHaskell notebook service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/ihaskell.nix>
|
services.ihaskell.extraPackagesExtra packages available to ghc when running ihaskell. The
value must be a function which receives the attrset defined
in haskellPackages as the sole argument.
Type: function that evaluates to a(n) list of package
Default: haskellPackages: []
Example:
haskellPackages: [ haskellPackages.wreq haskellPackages.lens ]
Declared by:
<nixpkgs/nixos/modules/services/misc/ihaskell.nix>
|
services.ihatemoney.enableWhether to enable ihatemoney webapp. Note that this will set uwsgi to emperor mode.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
|
services.ihatemoney.enableAdminDashboardWhether to enable ihatemoney admin dashboard.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
|
services.ihatemoney.enableCaptchaWhether to enable a simplistic captcha for some forms.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
|
services.ihatemoney.enableDemoProjectWhether to enable access to the demo project in ihatemoney.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
|
services.ihatemoney.enablePublicProjectCreationWhether to enable permission to create projects in ihatemoney by anyone.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
|
services.ihatemoney.adminHashedPasswordThe hashed password of the administrator. To obtain it, run ihatemoney generate_password_hash
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
|
services.ihatemoney.backendThe database engine to use for ihatemoney.
If postgresql is selected, then a database called
ihatemoney will be created. If you disable this option,
it will however not be removed.
Type: one of "sqlite", "postgresql"
Default: "sqlite"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
|
services.ihatemoney.defaultSender.emailThe email of the sender of ihatemoney emails
Type: string
Default: "ihatemoney@${config.networking.hostName}"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
|
services.ihatemoney.defaultSender.nameThe display name of the sender of ihatemoney emails
Type: string
Default: "Budget manager"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
|
services.ihatemoney.extraConfigExtra configuration appended to ihatemoney's configuration file. It is a python file, so pay attention to indentation.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
|
services.ihatemoney.legalLinkThe URL to a page explaining legal statements about your service, eg. GDPR-related information.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
|
services.ihatemoney.secureCookieUse secure cookies. Disable this when ihatemoney is served via http instead of https
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
|
services.ihatemoney.uwsgiConfigAdditional configuration of the UWSGI vassal running ihatemoney. It should notably specify on which interfaces and ports the vassal should listen.
Type: attribute set
Example:
{
http = ":8000";
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/ihatemoney>
|
services.illum.enableEnable illum, a daemon for controlling screen brightness with brightness buttons.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/illum.nix>
|
services.incron.enableWhether to enable the incron daemon.
Note that commands run under incrontab only support common Nix profiles for the PATH provided variable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/incron.nix>
|
services.incron.allowUsers allowed to use incrontab.
If empty then no user will be allowed to have their own incrontab.
If null then will defer to deny.
If both allow and deny are null
then all users will be allowed to have their own incrontab.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/incron.nix>
|
services.incron.denyUsers forbidden from using incrontab.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/incron.nix>
|
services.incron.extraPackagesExtra packages available to the system incrontab.
Type: list of package
Default: [ ]
Example: [ pkgs.rsync ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/incron.nix>
|
services.incron.systabThe system incrontab contents.
Type: strings concatenated with "\n"
Default: ""
Example:
'' /var/mail IN_CLOSE_WRITE abc $@/$# /tmp IN_ALL_EVENTS efg $@/$# $& ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/incron.nix>
|
services.infinoted.enableWhether to enable infinoted.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.packagePackage providing infinoted
Type: package
Default: pkgs.libinfinity
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.certificateChainChain of CA-certificates to which our certificateFile is relative.
Optional for TLS.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.certificateFileServer certificate to use for TLS
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.extraConfigAdditional configuration to append to infinoted.conf
Type: strings concatenated with "\n"
Default:
'' [autosave] interval=10 ''
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.groupWhat to call the primary group of the dedicated user under which infinoted is run
Type: string
Default: "infinoted"
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.keyFilePrivate key to use for TLS
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.passwordFileFile to read server-wide password from
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.pluginsPlugins to enable
Type: list of string
Default:
[ "note-text" "note-chat" "logging" "autosave" ]
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.portPort to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6523
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.rootDirectoryRoot of the directory structure to serve
Type: path
Default: "/var/lib/infinoted/documents/"
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.securityPolicyHow strictly to enforce clients connection with TLS.
Type: one of "no-tls", "allow-tls", "require-tls"
Default: "require-tls"
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.infinoted.userWhat to call the dedicated user under which infinoted is run
Type: string
Default: "infinoted"
Declared by:
<nixpkgs/nixos/modules/services/editors/infinoted.nix>
|
services.influxdb.enableWhether to enable the influxdb server
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
|
services.influxdb.packageWhich influxdb derivation to use
Type: package
Default: pkgs.influxdb
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
|
services.influxdb.dataDirData directory for influxd data files.
Type: path
Default: "/var/db/influxdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
|
services.influxdb.extraConfigExtra configuration options for influxdb
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
|
services.influxdb.groupGroup under which influxdb runs
Type: string
Default: "influxdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
|
services.influxdb.userUser account under which influxdb runs
Type: string
Default: "influxdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb.nix>
|
services.influxdb2.enableWhether to enable the influxdb2 server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb2.nix>
|
services.influxdb2.packageinfluxdb2 derivation to use.
Type: package
Default: pkgs.influxdb2
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb2.nix>
|
services.influxdb2.settingsconfiguration options for influxdb2, see https://docs.influxdata.com/influxdb/v2.0/reference/config-options for details.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/databases/influxdb2.nix>
|
services.infnoise.enableWhether to enable the Infinite Noise TRNG driver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/infnoise.nix>
|
services.infnoise.fillDevRandomWhether to run the infnoise driver as a daemon to refill /dev/random.
If disabled, you can use the infnoise command-line tool to
manually obtain randomness.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/infnoise.nix>
|
services.input-remapper.enableWhether to enable input-remapper, an easy to use tool to change the mapping of your input device buttons..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/input-remapper.nix>
|
services.input-remapper.enableUdevRulesWhether to enable udev rules added by input-remapper to handle hotplugged devices. Currently disabled by default due to https://github.com/sezanzeb/input-remapper/issues/140.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/input-remapper.nix>
|
services.input-remapper.packageThe input-remapper package to use.
Type: package
Default: pkgs.input-remapper
Declared by:
<nixpkgs/nixos/modules/services/misc/input-remapper.nix>
|
services.input-remapper.serviceWantedBySpecifies the WantedBy setting for the input-remapper service.
Type: list of string
Default:
[ "graphical.target" ]
Example:
[ "multi-user.target" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/input-remapper.nix>
|
services.inspircd.enableWhether to enable InspIRCd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/inspircd.nix>
|
services.inspircd.packageThe InspIRCd package to use. This is mainly useful
to specify an overridden version of the
pkgs.inspircd dervivation, for
example if you want to use a more minimal InspIRCd
distribution with less modules enabled or with
modules enabled which can't be distributed in binary
form due to licensing issues.
Type: package
Default: pkgs.inspircd
Example: pkgs.inspircdMinimal
Declared by:
<nixpkgs/nixos/modules/services/networking/inspircd.nix>
|
services.inspircd.configVerbatim inspircd.conf file.
For a list of options, consult the
InspIRCd documentation, the
Module documentation
and the example configuration files distributed
with pkgs.inspircd.doc
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/networking/inspircd.nix>
|
services.interception-tools.enableWhether to enable the interception tools service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/interception-tools.nix>
|
services.interception-tools.pluginsA list of interception tools plugins that will be made available to use inside the udevmon configuration.
Type: list of package
Default: [ pkgs.interception-tools-plugins.caps2esc ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/interception-tools.nix>
|
services.interception-tools.udevmonConfigString of udevmon YAML configuration, or path to a udevmon YAML configuration file.
Type: string or path
Default:
''
- JOB: "intercept -g $DEVNODE | caps2esc | uinput -d $DEVNODE"
DEVICE:
EVENTS:
EV_KEY: [KEY_CAPSLOCK, KEY_ESC]
''Example:
''
- JOB: "intercept -g $DEVNODE | y2z | x2y | uinput -d $DEVNODE"
DEVICE:
EVENTS:
EV_KEY: [KEY_X, KEY_Y]
''Declared by:
<nixpkgs/nixos/modules/services/hardware/interception-tools.nix>
|
services.invidious.enableWhether to enable Invidious.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
|
services.invidious.packageThe Invidious package to use.
Type: package
Default: pkgs.invidious
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
|
services.invidious.database.createLocallyWhether to create a local database with PostgreSQL.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
|
services.invidious.database.hostThe database host Invidious should use.
If null, the local unix socket is used. Otherwise
TCP is used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
|
services.invidious.database.passwordFilePath to file containing the database password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
|
services.invidious.database.portThe port of the database Invidious should use.
Defaults to the the default postgresql port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: options.services.postgresql.port.default
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
|
services.invidious.domainThe FQDN Invidious is reachable on.
This is used to configure nginx and for building absolute URLs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
|
services.invidious.extraSettingsFileA file including Invidious settings.
It gets merged with the settings specified in services.invidious.settings
and can be used to store secrets like hmac_key outside of the nix store.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
|
services.invidious.nginx.enableWhether to configure nginx as a reverse proxy for Invidious.
It serves it under the domain specified in services.invidious.settings.domain with enabled TLS and ACME.
Further configuration can be done through services.nginx.virtualHosts.${config.services.invidious.settings.domain}.*,
which can also be used to disable AMCE and TLS.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
|
services.invidious.portThe port Invidious should listen on.
To allow access from outside,
you can use either services.invidious.nginx
or add config.services.invidious.port to networking.firewall.allowedTCPPorts.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
|
services.invidious.settingsThe settings Invidious should use.
See config.example.yml for a list of all possible options.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invidious.nix>
|
services.invoiceplaneInvoicePlane configuration.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix>
|
services.invoiceplane.sitesSpecification of one or more WordPress sites to serve
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix>
|
services.invoiceplane.sites.<name>.enableWhether to enable InvoicePlane web application.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix>
|
services.invoiceplane.sites.<name>.cron.enableEnable cron service which periodically runs Invoiceplane tasks. Requires key taken from the administration page. Refer to https://wiki.invoiceplane.com/en/1.0/modules/recurring-invoices on how to configure it.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix>
|
services.invoiceplane.sites.<name>.cron.keyCron key taken from the administration page.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix>
|
services.invoiceplane.sites.<name>.database.createLocallyCreate the database and database user locally.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix>
|
services.invoiceplane.sites.<name>.database.hostDatabase host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix>
|
services.invoiceplane.sites.<name>.database.nameDatabase name.
Type: string
Default: "invoiceplane"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix>
|
services.invoiceplane.sites.<name>.database.passwordFileA file containing the password corresponding to
database.user.
Type: null or path
Default: null
Example: "/run/keys/invoiceplane-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix>
|
services.invoiceplane.sites.<name>.database.portDatabase host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix>
|
services.invoiceplane.sites.<name>.database.userDatabase user.
Type: string
Default: "invoiceplane"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix>
|
services.invoiceplane.sites.<name>.extraConfigInvoicePlane configuration. Refer to https://github.com/InvoicePlane/InvoicePlane/blob/master/ipconfig.php.example for details on supported values.
Type: null or strings concatenated with "\n"
Default: null
Example:
'' SETUP_COMPLETED=true DISABLE_SETUP=true IP_URL=https://invoice.example.com ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix>
|
services.invoiceplane.sites.<name>.invoiceTemplatesList of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory.
These templates need to be packaged before use, see example.
Type: list of path
Default: [ ]
Example:
let
# Let's package an example template
template-vtdirektmarketing = pkgs.stdenv.mkDerivation {
name = "vtdirektmarketing";
# Download the template from a public repository
src = pkgs.fetchgit {
url = "https://git.project-insanity.org/onny/invoiceplane-vtdirektmarketing.git";
sha256 = "1hh0q7wzsh8v8x03i82p6qrgbxr4v5fb05xylyrpp975l8axyg2z";
};
sourceRoot = ".";
# Installing simply means copying template php file to the output directory
installPhase = ""
mkdir -p $out
cp invoiceplane-vtdirektmarketing/vtdirektmarketing.php $out/
"";
};
# And then pass this package to the template list like this:
in [ template-vtdirektmarketing ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix>
|
services.invoiceplane.sites.<name>.poolConfigOptions for the InvoicePlane PHP pool. See the documentation on php-fpm.conf
for details on configuration directives.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.max_spare_servers" = 4;
"pm.min_spare_servers" = 2;
"pm.start_servers" = 2;
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix>
|
services.invoiceplane.sites.<name>.stateDirThis directory is used for uploads of attachments and cache. The directory passed here is automatically created and permissions adjusted as required.
Type: path
Default: "/var/lib/invoiceplane/‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix>
|
services.invoiceplane.webserverWhich webserver to use for virtual host management. Currently only caddy is supported.
Type: value "caddy" (singular enum)
Default: "caddy"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/invoiceplane.nix>
|
services.iodine.clientsEach attribute of this option defines a systemd service that
runs iodine. Many or none may be defined.
The name of each service is
iodine-«name»
where «name» is the name of the
corresponding attribute name.
Type: attribute set of (submodule)
Default: { }
Example:
{
foo = {
server = "tunnel.mdomain.com";
relay = "8.8.8.8";
extraConfig = "-v";
}
}
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.clients.<name>.extraConfigAdditional command line parameters
Type: string
Default: ""
Example: "-l 192.168.1.10 -p 23"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.clients.<name>.passwordFilePath to a file containing the password.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.clients.<name>.relayDNS server to use as an intermediate relay to the iodined server
Type: string
Default: ""
Example: "8.8.8.8"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.clients.<name>.serverHostname of server running iodined
Type: string
Default: ""
Example: "tunnel.mydomain.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.server.enableenable iodined server
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.server.domainDomain or subdomain of which nameservers point to us
Type: string
Default: ""
Example: "tunnel.mydomain.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.server.extraConfigAdditional command line parameters
Type: string
Default: ""
Example: "-l 192.168.1.10 -p 23"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.server.ipThe assigned ip address or ip range
Type: string
Default: ""
Example: "172.16.10.1/24"
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iodine.server.passwordFileFile that contains password
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/iodine.nix>
|
services.iperf3.enableWhether to enable iperf3 network throughput testing server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.affinityCPU affinity for the process.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.authorizedUsersFilePath to the configuration file containing authorized users credentials to run iperf tests.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.bindBind to the specific interface associated with the given address.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.debugEmit debugging output.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.extraFlagsExtra flags to pass to iperf3(1).
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.forceFlushForce flushing output at every interval.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.openFirewallOpen ports in the firewall for iperf3.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.portServer port to listen on for iperf3 client requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5201
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.rsaPrivateKeyPath to the RSA private key (not password-protected) used to decrypt authentication credentials from the client.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.iperf3.verboseGive more detailed output.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/iperf3.nix>
|
services.ipp-usb.enableWhether to enable ipp-usb, a daemon to turn an USB printer/scanner supporting IPP everywhere (aka AirPrint, WSD, AirScan) into a locally accessible network printer/scanner.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/printing/ipp-usb.nix>
|
services.ircdHybrid.enableWhether to enable IRCD.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.adminEmailIRCD server administrator e-mail.
Type: string
Default: "<bit-bucket@example.com>"
Example: "<name@domain.tld>"
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.certificateIRCD server SSL certificate. There are some limitations - read manual.
Type: null or path
Default: null
Example: /root/certificates/irc.pem
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.descriptionIRCD server description.
Type: string
Default: "Hybrid-7 IRC server."
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.extraIPsExtra IP's to bind.
Type: list of string
Default: [ ]
Example:
[ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.extraPortExtra port to avoid filtering.
Type: string
Default: "7117"
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.rsaKeyIRCD server RSA key.
Type: null or path
Default: null
Example: /root/certificates/irc.key
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.serverNameIRCD server name.
Type: string
Default: "hades.arpa"
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.ircdHybrid.sidIRCD server unique ID in a net of servers.
Type: string
Default: "0NL"
Declared by:
<nixpkgs/nixos/modules/services/networking/ircd-hybrid/default.nix>
|
services.irkerd.enableWhether to enable irker, an IRC notification daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/irkerd.nix>
|
services.irkerd.listenAddressSpecifies the bind address on which the irker daemon listens. The default is localhost.
Irker authors strongly warn about the risks of running this on a publicly accessible interface, so change this with caution.
Type: string
Default: "localhost"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/irkerd.nix>
|
services.irkerd.nickNick to use for irker
Type: string
Default: "irker"
Declared by:
<nixpkgs/nixos/modules/services/misc/irkerd.nix>
|
services.irkerd.openPortsOpen ports in the firewall for irkerd
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/irkerd.nix>
|
services.irqbalance.enableWhether to enable irqbalance daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/irqbalance.nix>
|
services.isso.enableWhether to enable A commenting server similar to Disqus.
Note: The application's author suppose to run isso behind a reverse proxy. The embedded solution offered by NixOS is also only suitable for small installations below 20 requests per second. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/isso.nix>
|
services.isso.settingsConfiguration for isso.
See Isso Server Configuration for supported values.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Example:
{
general = {
host = "http://localhost";
};
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/isso.nix>
|
services.jack.alsa.enableRoute audio to/from generic ALSA-using applications using ALSA JACK PCM plugin.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
|
services.jack.alsa.support32BitWhether to support sound for 32-bit ALSA applications on 64-bit system.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
|
services.jack.jackd.enableWhether to enable JACK Audio Connection Kit. You need to add yourself to the "jackaudio" group .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
|
services.jack.jackd.extraOptionsSpecifies startup command line arguments to pass to JACK server.
Type: list of string
Default:
[ "-dalsa" ]
Example:
[ "-dalsa" "--device" "hw:1" ];
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
|
services.jack.jackd.sessionCommands to run after JACK is started.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
|
services.jack.loopback.enableCreate ALSA loopback device, instead of using PCM plugin. Has broader application support (things like Steam will work), but may need fine-tuning for concrete hardware.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
|
services.jack.loopback.configALSA config for loopback device.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
|
services.jack.loopback.dmixConfigFor music production software that still doesn't support JACK natively you would like to put buffer/period adjustments here to decrease dmix device latency.
Type: strings concatenated with "\n"
Default: ""
Example:
'' period_size 2048 periods 2 ''
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
|
services.jack.loopback.indexIndex of an ALSA loopback device.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
|
services.jack.loopback.sessionAdditional commands to run to setup loopback device.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/audio/jack.nix>
|
services.jackett.enableWhether to enable Jackett.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/jackett.nix>
|
services.jackett.packageJackett package to use.
Type: package
Default: pkgs.jackett
Declared by:
<nixpkgs/nixos/modules/services/misc/jackett.nix>
|
services.jackett.dataDirThe directory where Jackett stores its data files.
Type: string
Default: "/var/lib/jackett/.config/Jackett"
Declared by:
<nixpkgs/nixos/modules/services/misc/jackett.nix>
|
services.jackett.groupGroup under which Jackett runs.
Type: string
Default: "jackett"
Declared by:
<nixpkgs/nixos/modules/services/misc/jackett.nix>
|
services.jackett.openFirewallOpen ports in the firewall for the Jackett web interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/jackett.nix>
|
services.jackett.userUser account under which Jackett runs.
Type: string
Default: "jackett"
Declared by:
<nixpkgs/nixos/modules/services/misc/jackett.nix>
|
services.jboss.enableWhether to enable JBoss. WARNING : this package is outdated and is known to have vulnerabilities.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.deployDirLocation of the deployment files
Type: string
Default: "/nix/var/nix/profiles/default/server/default/deploy/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.libUrlLocation where the shared library JARs are stored
Type: string
Default: "file:///nix/var/nix/profiles/default/server/default/lib"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.logDirLocation of the logfile directory of JBoss
Type: string
Default: "/var/log/jboss"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.serverDirLocation of the server instance files
Type: string
Default: "/var/jboss/server"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.tempDirLocation where JBoss stores its temp files
Type: string
Default: "/tmp"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.useJKWhether to use to connector to the Apache HTTP server
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jboss.userUser account under which jboss runs.
Type: string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/jboss/default.nix>
|
services.jellyfin.enableWhether to enable Jellyfin Media Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/jellyfin.nix>
|
services.jellyfin.packageJellyfin package to use.
Type: package
Default: pkgs.jellyfin
Declared by:
<nixpkgs/nixos/modules/services/misc/jellyfin.nix>
|
services.jellyfin.groupGroup under which jellyfin runs.
Type: string
Default: "jellyfin"
Declared by:
<nixpkgs/nixos/modules/services/misc/jellyfin.nix>
|
services.jellyfin.openFirewallOpen the default ports in the firewall for the media server. The HTTP/HTTPS ports can be changed in the Web UI, so this option should only be used if they are unchanged.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/jellyfin.nix>
|
services.jellyfin.userUser account under which Jellyfin runs.
Type: string
Default: "jellyfin"
Declared by:
<nixpkgs/nixos/modules/services/misc/jellyfin.nix>
|
services.jenkins.enableWhether to enable the jenkins continuous integration server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.packageJenkins package to use.
Type: package
Default: pkgs.jenkins
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.packagesPackages to add to PATH for the jenkins process.
Type: list of package
Default: [ pkgs.stdenv pkgs.git pkgs.jdk17 config.programs.ssh.package pkgs.nix ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.environmentAdditional environment variables to be passed to the jenkins process.
As a base environment, jenkins receives NIX_PATH from
environment.sessionVariables, NIX_REMOTE is set to
"daemon" and JENKINS_HOME is set to the value of
services.jenkins.home.
This option has precedence and can be used to override those
mentioned variables.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.extraGroupsList of extra groups that the "jenkins" user should be a part of.
Type: list of string
Default: [ ]
Example:
[ "wheel" "dialout" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.extraJavaOptionsAdditional command line arguments to pass to the Java run time (as opposed to Jenkins).
Type: list of string
Default: [ ]
Example:
[ "-Xmx80m" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.extraOptionsAdditional command line arguments to pass to Jenkins.
Type: list of string
Default: [ ]
Example:
[ "--debug=9" ]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.groupIf the default user "jenkins" is configured then this is the primary group of that user.
Type: string
Default: "jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.homeThe path to use as JENKINS_HOME. If the default user "jenkins" is configured then this is the home of the "jenkins" user.
Type: path
Default: "/var/lib/jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.jobBuilder.enableWhether or not to enable the Jenkins Job Builder (JJB) service. It allows defining jobs for Jenkins in a declarative manner.
Jobs managed through the Jenkins WebUI (or by other means) are left unchanged.
Note that it really is declarative configuration; if you remove a previously defined job, the corresponding job directory will be deleted.
Please see the Jenkins Job Builder documentation for more info: http://docs.openstack.org/infra/jenkins-job-builder/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
|
services.jenkins.jobBuilder.accessTokenUser token in Jenkins used to reload config.
WARNING: This token will be world readable in the Nix store. To keep
it secret, use the accessTokenFile option instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
|
services.jenkins.jobBuilder.accessTokenFileFile containing the API token for the accessUser
user.
Type: string
Default: "${config.services.jenkins.home}/secrets/initialAdminPassword"
Example: "/run/keys/jenkins-job-builder-access-token"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
|
services.jenkins.jobBuilder.accessUserUser id in Jenkins used to reload config.
Type: string
Default: "admin"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
|
services.jenkins.jobBuilder.jsonJobsJob descriptions for Jenkins Job Builder in JSON format.
Type: list of string
Default: [ ]
Example:
[
''
[ { "job":
{ "name": "jenkins-job-test-2",
"builders": [ "shell": "echo 'Hello world!'" ]
}
}
]
''
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
|
services.jenkins.jobBuilder.nixJobsJob descriptions for Jenkins Job Builder in Nix format.
This is a trivial wrapper around jsonJobs, using builtins.toJSON behind the scene.
Type: list of (attribute set)
Default: [ ]
Example:
[ { job =
{ name = "jenkins-job-test-3";
builders = [
{ shell = "echo 'Hello world!'"; }
];
};
}
]
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
|
services.jenkins.jobBuilder.yamlJobsJob descriptions for Jenkins Job Builder in YAML format.
Type: strings concatenated with "\n"
Default: ""
Example:
''
- job:
name: jenkins-job-test-1
builders:
- shell: echo 'Hello world!'
''Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix>
|
services.jenkins.listenAddressSpecifies the bind address on which the jenkins HTTP interface listens. The default is the wildcard address.
Type: string
Default: "0.0.0.0"
Example: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.pluginsA set of plugins to activate. Note that this will completely
remove and replace any previously installed plugins. If you
have manually-installed plugins that you want to keep while
using this module, set this option to
null. You can generate this set with a
tool such as jenkinsPlugins2nix.
Type: null or (attribute set of package)
Default: null
Example:
import path/to/jenkinsPlugins2nix-generated-plugins.nix { inherit (pkgs) fetchurl stdenv; }
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.portSpecifies port number on which the jenkins HTTP interface listens. The default is 8080.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.prefixSpecifies a urlPrefix to use with jenkins. If the example /jenkins is given, the jenkins server will be accessible using localhost:8080/jenkins.
Type: string
Default: ""
Example: "/jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.userUser the jenkins server should execute under.
Type: string
Default: "jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkins.withCLIWhether to make the CLI available.
More info about the CLI available at https://www.jenkins.io/doc/book/managing/cli .
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/default.nix>
|
services.jenkinsSlave.enableIf true the system will be configured to work as a jenkins slave. If the system is also configured to work as a jenkins master then this has no effect. In progress: Currently only assures the jenkins user is configured.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
|
services.jenkinsSlave.groupIf the default slave agent user "jenkins" is configured then this is the primary group of that user.
Type: string
Default: "jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
|
services.jenkinsSlave.homeThe path to use as JENKINS_HOME. If the default user "jenkins" is configured then this is the home of the "jenkins" user.
Type: path
Default: "/var/lib/jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
|
services.jenkinsSlave.javaPackageJava package to install.
Type: package
Default: pkgs.jdk
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
|
services.jenkinsSlave.userUser the jenkins slave agent should execute under.
Type: string
Default: "jenkins"
Declared by:
<nixpkgs/nixos/modules/services/continuous-integration/jenkins/slave.nix>
|
services.jibri.enableWhether to enable Jitsi BRoadcasting Infrastructure. Currently Jibri must be run on a host that is also running services.jitsi-meet.enable, so for most use cases it will be simpler to run services.jitsi-meet.jibri.enable.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.configJibri configuration. See https://github.com/jitsi/jibri/blob/master/src/main/resources/reference.conf for default configuration with comments.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.finalizeScriptThis script runs when jibri finishes recording a video of a conference.
Type: path
Default:
pkgs.writeScript "finalize_recording.sh" '''' #!/bin/sh RECORDINGS_DIR=$1 echo "This is a dummy finalize script" > /tmp/finalize.out echo "The script was invoked with recordings directory $RECORDINGS_DIR." >> /tmp/finalize.out echo "You should put any finalize logic (renaming, uploading to a service" >> /tmp/finalize.out echo "or storage provider, etc.) in this script" >> /tmp/finalize.out exit 0 '''';
Example:
pkgs.writeScript "finalize_recording.sh" ''''
#!/bin/sh
RECORDINGS_DIR=$1
${pkgs.rclone}/bin/rclone copy $RECORDINGS_DIR RCLONE_REMOTE:jibri-recordings/ -v --log-file=/var/log/jitsi/jibri/recording-upload.txt
exit 0
'''';
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.ignoreCertWhether to enable the flag "--ignore-certificate-errors" for the Chromium browser opened by Jibri. Intended for use in automated tests or anywhere else where using a verified cert for Jitsi-Meet is not possible.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.xmppEnvironmentsXMPP servers to connect to.
Type: attribute set of (submodule)
Default: { }
Example:
"jitsi-meet" = {
xmppServerHosts = [ "localhost" ];
xmppDomain = config.services.jitsi-meet.hostName;
control.muc = {
domain = "internal.${config.services.jitsi-meet.hostName}";
roomName = "JibriBrewery";
nickname = "jibri";
};
control.login = {
domain = "auth.${config.services.jitsi-meet.hostName}";
username = "jibri";
passwordFile = "/var/lib/jitsi-meet/jibri-auth-secret";
};
call.login = {
domain = "recorder.${config.services.jitsi-meet.hostName}";
username = "recorder";
passwordFile = "/var/lib/jitsi-meet/jibri-recorder-secret";
};
usageTimeout = "0";
disableCertificateVerification = true;
stripFromRoomDomain = "conference.";
};
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.xmppEnvironments.<name>.call.login.domainThe domain part of the JID for the recorder.
Type: string
Example: "recorder.xmpp.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.xmppEnvironments.<name>.call.login.passwordFileFile containing the password for the user.
Type: string
Example: "/run/keys/jibri-recorder-xmpp1"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.xmppEnvironments.<name>.call.login.usernameUser part of the JID for the recorder.
Type: string
Default: "recorder"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.xmppEnvironments.<name>.control.login.domainThe domain part of the JID for this Jibri instance.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.xmppEnvironments.<name>.control.login.passwordFileFile containing the password for the user.
Type: string
Example: "/run/keys/jibri-xmpp1"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.xmppEnvironments.<name>.control.login.usernameUser part of the JID.
Type: string
Default: "jvb"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.xmppEnvironments.<name>.control.muc.domainThe domain part of the MUC to connect to for control.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.xmppEnvironments.<name>.control.muc.nicknameThe nickname for this Jibri instance in the MUC.
Type: string
Default: "jibri"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.xmppEnvironments.<name>.control.muc.roomNameThe room name of the MUC to connect to for control.
Type: string
Default: "JibriBrewery"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.xmppEnvironments.<name>.disableCertificateVerificationWhether to skip validation of the server's certificate.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.xmppEnvironments.<name>.stripFromRoomDomainThe prefix to strip from the room's JID domain to derive the call URL.
Type: string
Default: "0"
Example: "conference."
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.xmppEnvironments.<name>.usageTimeoutThe duration that the Jibri session can be. A value of zero means indefinitely.
Type: string
Default: "0"
Example: "1 hour"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.xmppEnvironments.<name>.xmppDomainThe base XMPP domain.
Type: string
Example: "xmpp.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jibri.xmppEnvironments.<name>.xmppServerHostsHostnames of the XMPP servers to connect to.
Type: list of string
Example:
[ "xmpp.example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/jibri/default.nix>
|
services.jicofo.enableWhether to enable Jitsi Conference Focus - component of Jitsi Meet.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
|
services.jicofo.bridgeMucJID of the internal MUC used to communicate with Videobridges.
Type: string
Example: "jvbbrewery@internal.meet.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
|
services.jicofo.componentPasswordFilePath to file containing component secret.
Type: string
Example: "/run/keys/jicofo-component"
Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
|
services.jicofo.configContents of the sip-communicator.properties configuration file for jicofo.
Type: attribute set of string
Default: { }
Example:
{
"org.jitsi.jicofo.auth.URL" = "XMPP:jitsi-meet.example.com";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
|
services.jicofo.userDomainDomain part of the JID for XMPP user connection.
Type: string
Example: "auth.meet.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
|
services.jicofo.userNameUser part of the JID for XMPP user connection.
Type: string
Default: "focus"
Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
|
services.jicofo.userPasswordFilePath to file containing password for XMPP user connection.
Type: string
Example: "/run/keys/jicofo-user"
Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
|
services.jicofo.xmppDomainDomain name of the XMMP server to which to connect as a component.
If null, xmppHost is used.
Type: null or string
Example: "meet.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
|
services.jicofo.xmppHostHostname of the XMPP server to connect to.
Type: string
Example: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/jicofo.nix>
|
services.jira.enableWhether to enable Atlassian JIRA service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.packageAtlassian JIRA package to use.
Type: package
Default: pkgs.atlassian-jira
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.catalinaOptionsJava options to pass to catalina/tomcat.
Type: list of string
Default: [ ]
Example:
[ "-Xms1024m" "-Xmx2048m" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.groupGroup which runs JIRA.
Type: string
Default: "jira"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.homeHome directory of the JIRA instance.
Type: string
Default: "/var/lib/jira"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.jrePackageNote that Atlassian only support the Oracle JRE (JRASERVER-46152).
Type: package
Default: pkgs.oraclejre8
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.listenAddressAddress to listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.listenPortPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8091
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.proxy.enableWhether to enable reverse proxy support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.proxy.nameVirtual hostname at the proxy
Type: string
Example: "jira.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.proxy.portPort used at the proxy
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 443
Example: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.proxy.schemeProtocol used at the proxy.
Type: string
Default: "https"
Example: "http"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.proxy.secureWhether the connections to the proxy should be considered secure.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.sso.enableWhether to enable SSO with Atlassian Crowd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.sso.applicationNameExact name of this JIRA instance in Crowd
Type: string
Example: "jira"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.sso.applicationPasswordFilePath to the file containing the application password of this JIRA instance in Crowd
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.sso.crowdCrowd Base URL without trailing slash
Type: string
Example: "http://localhost:8095/crowd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.sso.validationIntervalSet to 0, if you want authentication checks to occur on each request. Otherwise set to the number of minutes between request to validate if the user is logged in or out of the Crowd SSO server. Setting this value to 1 or higher will increase the performance of Crowd's integration.
Type: signed integer
Default: 2
Example: 0
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jira.userUser which runs JIRA.
Type: string
Default: "jira"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/atlassian/jira.nix>
|
services.jirafeau.enableWhether to enable Jirafeau file upload application..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.packageJirafeau package to use
Type: package
Default: pkgs.jirafeau
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.adminPasswordSha256SHA-256 of the desired administration password. Leave blank/unset for no password.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.dataDirLocation of Jirafeau storage directory.
Type: path
Default: "/var/lib/jirafeau/data/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.extraConfigJirefeau configuration. Refer to https://gitlab.com/mojo42/Jirafeau/-/blob/4.4.0/lib/config.original.php for supported values.
Type: strings concatenated with "\n"
Default: ""
Example:
'' $cfg['style'] = 'courgette'; $cfg['organisation'] = 'ACME'; ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.hostNameURL of instance. Must have trailing slash.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.maxUploadSizeMegabytesMaximum upload size of accepted files.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.maxUploadTimeoutTimeout for reading client request bodies and headers. Refer to http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_timeout and http://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_timeout for accepted values.
Type: string
Default: "30m"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfigExtra configuration for the nginx virtual host of Jirafeau.
Type: submodule
Default: { }
Example:
{
serverAliases = [ "wiki.${config.networking.domain}" ];
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.enableACMEWhether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.acmeFallbackHostHost which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.acmeRootDirectory for the ACME challenge, which is public. Don't put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.addSSLWhether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.basicAuthBasic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default: { }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.basicAuthFileBasic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.defaultMakes this vhost the default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.extraConfigThese lines go to the end of the vhost verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.forceSSLWhether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.globalRedirectIf set, all requests for this host are redirected permanently to the given hostname.
Type: null or string
Default: null
Example: "newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.http2Whether to enable HTTP 2. Note that (as of writing) due to nginx's implementation, to disable HTTP 2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2,then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.http3Whether to enable HTTP 3.
This requires using pkgs.nginxQuic package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;.
Note that HTTP 3 support is experimental and
not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.kTLSWhether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Required Nginx version 1.21.4 or later.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.listenListen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL
and onlySSL.
If you only want to set the addresses manually and not
the ports, take a look at listenAddresses
Type: list of (submodule)
Default: [ ]
Example:
[
{
addr = "195.154.1.1";
port = 443;
ssl = true;
}
{
addr = "192.154.1.1";
port = 80;
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.listen.*.addrIP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.listen.*.extraParametersExtra parameters of this listen directive.
Type: list of string
Default: [ ]
Example:
[ "backlog=1024" "deferred" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.listen.*.portPort number.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.listen.*.sslEnable SSL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.listenAddressesListen addresses for this virtual host.
Compared to listen this only sets the addresses
and the ports are chosen automatically.
Note: This option overrides enableIPv6
Type: list of string
Default: [ ]
Example:
[ "127.0.0.1" "[::1]" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.locationsDeclarative location config
Type: attribute set of (submodule)
Default: { }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.locations.<name>.aliasAlias directory for requests.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.locations.<name>.basicAuthBasic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default: { }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.locations.<name>.basicAuthFileBasic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.locations.<name>.extraConfigThese lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.locations.<name>.fastcgiParamsFastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won't unset the default values for other parameters.
Type: attribute set of (string or path)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.locations.<name>.indexAdds index directive.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.locations.<name>.priorityOrder of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have
a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.locations.<name>.proxyPassAdds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.locations.<name>.proxyWebsocketsWhether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.locations.<name>.recommendedProxySettingsEnable recommended proxy settings.
Type: boolean
Default: config.services.nginx.recommendedProxySettings
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.locations.<name>.returnAdds a return directive, for e.g. redirections.
Type: null or string
Default: null
Example: "301 http://example.com$request_uri"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.locations.<name>.rootRoot directory for requests.
Type: null or path
Default: null
Example: "/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.locations.<name>.tryFilesAdds try_files directive.
Type: null or string
Default: null
Example: "$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.onlySSLWhether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.rejectSSLWhether to listen for and reject all HTTPS connections to this vhost. Useful in
default
server blocks to avoid serving the certificate for another vhost. Uses the
ssl_reject_handshake directive available in nginx versions
1.19.4 and above.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.reuseportCreate an individual listening socket . It is required to specify only once on one of the hosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.rootThe path of the web root directory.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default: [ ]
Example:
[ "www.example.org" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.serverNameName of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default: null
Example: "example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.sslCertificatePath to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.sslCertificateKeyPath to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.sslTrustedCertificatePath to root SSL certificate for stapling and client certificates.
Type: null or path
Default: null
Example: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.nginxConfig.useACMEHostA host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jirafeau.poolConfigOptions for Jirafeau PHP pool. See documentation on php-fpm.conf for
details on configuration directives.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.max_spare_servers" = 4;
"pm.min_spare_servers" = 2;
"pm.start_servers" = 2;
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/jirafeau.nix>
|
services.jitsi-meet.enableWhether to enable Jitsi Meet - Secure, Simple and Scalable Video Conferences.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
|
services.jitsi-meet.caddy.enableWhether to enable Whether to enable caddy reverse proxy to expose jitsi-meet.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
|
services.jitsi-meet.configClient-side web application settings that override the defaults in config.js.
See https://github.com/jitsi/jitsi-meet/blob/master/config.js for default configuration with comments.
Type: attribute set
Default: { }
Example:
{
enableWelcomePage = false;
defaultLang = "fi";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
|
services.jitsi-meet.extraConfigText to append to config.js web application config file.
Can be used to insert JavaScript logic to determine user's region in cascading bridges setup.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
|
services.jitsi-meet.hostNameFQDN of the Jitsi Meet instance.
Type: string
Example: "meet.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
|
services.jitsi-meet.interfaceConfigClient-side web-app interface settings that override the defaults in interface_config.js.
See https://github.com/jitsi/jitsi-meet/blob/master/interface_config.js for default configuration with comments.
Type: attribute set
Default: { }
Example:
{
SHOW_JITSI_WATERMARK = false;
SHOW_WATERMARK_FOR_GUESTS = false;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
|
services.jitsi-meet.jibri.enableWhether to enable a Jibri instance and configure it to connect to Prosody.
Additional configuration is possible with services.jibri, and
services.jibri.finalizeScript is especially useful.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
|
services.jitsi-meet.jicofo.enableWhether to enable JiCoFo instance and configure it to connect to Prosody.
Additional configuration is possible with services.jicofo.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
|
services.jitsi-meet.nginx.enableWhether to enable nginx virtual host that will serve the javascript application and act as
a proxy for the XMPP server. Further nginx configuration can be done by adapting
services.nginx.virtualHosts.<hostName>.
When this is enabled, ACME will be used to retrieve a TLS certificate by default. To disable
this, set the services.nginx.virtualHosts.<hostName>.enableACME to
false and if appropriate do the same for
services.nginx.virtualHosts.<hostName>.forceSSL.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
|
services.jitsi-meet.prosody.enableWhether to configure Prosody to relay XMPP messages between Jitsi Meet components. Turn this off if you want to configure it manually.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
|
services.jitsi-meet.videobridge.enableWhether to enable Jitsi Videobridge instance and configure it to connect to Prosody.
Additional configuration is possible with services.jitsi-videobridge.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
|
services.jitsi-meet.videobridge.passwordFileFile containing password to the Prosody account for videobridge.
If null, a file with password will be generated automatically. Setting
this option is useful if you plan to connect additional videobridges to the XMPP server.
Type: null or string
Default: null
Example: "/run/keys/videobridge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/jitsi-meet.nix>
|
services.jitsi-videobridge.enableWhether to enable Jitsi Videobridge, a WebRTC compatible video router.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
|
services.jitsi-videobridge.apisWhat is passed as --apis= parameter. If this is empty, "none" is passed. Needed for monitoring jitsi.
Type: list of string
Default: [ ]
Example: [ "colibri" "rest" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
|
services.jitsi-videobridge.configVideobridge configuration.
See https://github.com/jitsi/jitsi-videobridge/blob/master/jvb/src/main/resources/reference.conf for default configuration with comments.
Type: attribute set
Default: { }
Example:
{
videobridge = {
ice.udp.port = 5000;
websockets = {
enabled = true;
server-id = "jvb1";
};
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
|
services.jitsi-videobridge.extraPropertiesAdditional Java properties passed to jitsi-videobridge.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
|
services.jitsi-videobridge.nat.localAddressLocal address when running behind NAT.
Type: null or string
Default: null
Example: "192.168.1.42"
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
|
services.jitsi-videobridge.nat.publicAddressPublic address when running behind NAT.
Type: null or string
Default: null
Example: "1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
|
services.jitsi-videobridge.openFirewallWhether to open ports in the firewall for the videobridge.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
|
services.jitsi-videobridge.xmppConfigsXMPP servers to connect to.
See https://github.com/jitsi/jitsi-videobridge/blob/master/doc/muc.md for more information.
Type: attribute set of (submodule)
Default: { }
Example:
{
"localhost" = {
hostName = "localhost";
userName = "jvb";
domain = "auth.xmpp.example.org";
passwordFile = "/var/lib/jitsi-meet/videobridge-secret";
mucJids = "jvbbrewery@internal.xmpp.example.org";
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
|
services.jitsi-videobridge.xmppConfigs.<name>.disableCertificateVerificationWhether to skip validation of the server's certificate.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
|
services.jitsi-videobridge.xmppConfigs.<name>.domainDomain part of JID of the XMPP user, if it is different from hostName.
Type: null or string
Default: null
Example: "auth.xmpp.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
|
services.jitsi-videobridge.xmppConfigs.<name>.hostNameHostname of the XMPP server to connect to. Name of the attribute set is used by default.
Type: string
Example: "xmpp.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
|
services.jitsi-videobridge.xmppConfigs.<name>.mucJidsJID of the MUC to join. JiCoFo needs to be configured to join the same MUC.
Type: string
Example: "jvbbrewery@internal.xmpp.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
|
services.jitsi-videobridge.xmppConfigs.<name>.mucNicknameVideobridges use the same XMPP account and need to be distinguished by the nickname (aka resource part of the JID). By default, system hostname is used.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
|
services.jitsi-videobridge.xmppConfigs.<name>.passwordFileFile containing the password for the user.
Type: string
Example: "/run/keys/jitsi-videobridge-xmpp1"
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
|
services.jitsi-videobridge.xmppConfigs.<name>.userNameUser part of the JID.
Type: string
Default: "jvb"
Declared by:
<nixpkgs/nixos/modules/services/networking/jitsi-videobridge.nix>
|
services.jmusicbot.enableWhether to enable jmusicbot, a Discord music bot that's easy to set up and run yourself.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/jmusicbot.nix>
|
services.jmusicbot.packageJMusicBot package to use
Type: package
Default: pkgs.jmusicbot
Declared by:
<nixpkgs/nixos/modules/services/audio/jmusicbot.nix>
|
services.jmusicbot.stateDirThe directory where config.txt and serversettings.json is saved. If left as the default value this directory will automatically be created before JMusicBot starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions. Untouched by the value of this option config.txt needs to be placed manually into this directory.
Type: path
Default: "/var/lib/jmusicbot/"
Declared by:
<nixpkgs/nixos/modules/services/audio/jmusicbot.nix>
|
services.journalbeat.enableWhether to enable journalbeat.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/journalbeat.nix>
|
services.journalbeat.packageThe journalbeat package to use
Type: package
Default: pkgs.journalbeat
Declared by:
<nixpkgs/nixos/modules/services/logging/journalbeat.nix>
|
services.journalbeat.extraConfigAny other configuration options you want to add
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/journalbeat.nix>
|
services.journalbeat.nameName of the beat
Type: string
Default: "journalbeat"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalbeat.nix>
|
services.journalbeat.stateDirDirectory below /var/lib/ to store journalbeat's
own logs and other data. This directory will be created automatically
using systemd's StateDirectory mechanism.
Type: string
Default: "journalbeat"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalbeat.nix>
|
services.journalbeat.tagsTags to place on the shipped log messages
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/logging/journalbeat.nix>
|
services.journald.enableHttpGatewayWhether to enable the HTTP gateway to the journal.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/journald.nix>
|
services.journald.consoleIf non-empty, write log messages to the specified TTY device.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/journald.nix>
|
services.journald.extraConfigExtra config options for systemd-journald. See man journald.conf for available options.
Type: strings concatenated with "\n"
Default: ""
Example: "Storage=volatile"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/journald.nix>
|
services.journald.forwardToSyslogWhether to forward log messages to syslog.
Type: boolean
Default: services.rsyslogd.enable || services.syslog-ng.enable
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/journald.nix>
|
services.journald.rateLimitBurstConfigures the rate limiting burst limit (number of messages per interval) that is applied to all messages generated on the system. This rate limiting is applied per-service, so that two services which log do not interfere with each other's limit.
Note that the effective rate limit is multiplied by a factor derived from the available free disk space for the journal as described on journald.conf(5).
Note that the total amount of logs stored is limited by journald settings
such as SystemMaxUse, which defaults to a 4 GB cap.
It is thus recommended to compute what period of time that you will be able to store logs for when an application logs at full burst rate. With default settings for log lines that are 100 Bytes long, this can amount to just a few hours.
Type: signed integer
Default: 10000
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/journald.nix>
|
services.journald.rateLimitIntervalConfigures the rate limiting interval that is applied to all messages generated on the system. This rate limiting is applied per-service, so that two services which log do not interfere with each other's limit. The value may be specified in the following units: s, min, h, ms, us. To turn off any kind of rate limiting, set either value to 0.
See services.journald.rateLimitBurst for important
considerations when setting this value.
Type: string
Default: "30s"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/journald.nix>
|
services.journaldriver.enableWhether to enable journaldriver to forward journald logs to Stackdriver Logging.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/journaldriver.nix>
|
services.journaldriver.applicationCredentialsPath to the service account private key (in JSON-format) used to forward log entries to Stackdriver Logging on non-GCP instances.
This option is required on non-GCP machines, but should not be set on GCP instances.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/logging/journaldriver.nix>
|
services.journaldriver.googleCloudProjectConfigures the name of the Google Cloud project to which to forward journald logs.
This option is required on non-GCP machines, but should not be set on GCP instances.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/logging/journaldriver.nix>
|
services.journaldriver.logLevelLog level at which journaldriver logs its own output.
Type: string
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/logging/journaldriver.nix>
|
services.journaldriver.logNameConfigures the name of the target log in Stackdriver Logging. This option can be set to, for example, the hostname of a machine to improve the user experience in the logging overview.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/logging/journaldriver.nix>
|
services.journaldriver.logStreamConfigures the name of the Stackdriver Logging log stream into which to write journald entries.
This option is required on non-GCP machines, but should not be set on GCP instances.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/logging/journaldriver.nix>
|
services.journalwatch.enableIf enabled, periodically check the journal with journalwatch and report the results by mail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.accuracyThe time window around the interval in which the journalwatch run will be scheduled.
The format is described in systemd.time(7).
Type: string
Default: "10min"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.extraConfigExtra lines to be added verbatim to the journalwatch/config configuration file.
You can add any commandline argument to the config, without the '--'.
See journalwatch --help for all arguments and their description.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.filterBlocksfilterBlocks can be defined to blacklist journal messages which are not errors. Each block matches on a log entry field, and the filters in that block then are matched against all messages with a matching log entry field.
All messages whose PRIORITY is at least 6 (INFO) are processed by journalwatch. If you don't specify any filterBlocks, PRIORITY is reduced to 5 (NOTICE) by default.
All regular expressions are extended Python regular expressions, for details see: http://doc.pyschools.com/html/regex.html
Type: list of (submodule)
Default:
[
{
filters = ''
(Stopped|Stopping|Starting|Started) .*
(Created slice|Removed slice) user-\d*\.slice\.
Received SIGRTMIN\+24 from PID .*
(Reached target|Stopped target) .*
Startup finished in \d*ms\.
'';
match = "SYSLOG_IDENTIFIER = systemd";
}
]Example:
[
{
filters = ''
New session [a-z]?\d+ of user \w+\.
Removed session [a-z]?\d+\.
'';
match = "_SYSTEMD_UNIT = systemd-logind.service";
}
{
filters = ''
pam_unix\(crond:session\): session (opened|closed) for user \w+
\(\w+\) CMD .*
'';
match = "SYSLOG_IDENTIFIER = /(CROND|crond)/";
}
]Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.filterBlocks.*.filtersThe filters to apply on all messages which satisfy match.
Any of those messages that match any specified filter will be removed from journalwatch's output.
Each filter is an extended Python regular expression.
You can specify multiple filters and separate them by newlines.
Lines starting with '#' are comments. Inline-comments are not permitted.
Type: string
Example:
'' (Stopped|Stopping|Starting|Started) .* (Reached target|Stopped target) .* ''
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.filterBlocks.*.matchSyntax: field = value
Specifies the log entry field this block should apply to.
If the field of a message matches this value,
this patternBlock's filters are applied.
If value starts and ends with a slash, it is interpreted as
an extended python regular expression, if not, it's an exact match.
The journal fields are explained in systemd.journal-fields(7).
Type: string
Example: "SYSLOG_IDENTIFIER = systemd"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.intervalHow often to run journalwatch.
The format is described in systemd.time(7).
Type: string
Default: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.mailBinarySendmail-compatible binary to be used to send the messages.
Type: path
Default: "/run/wrappers/bin/sendmail"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.mailFromMail address to send journalwatch reports from.
Type: string
Default: "journalwatch@${config.networking.hostName}"
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.mailToMail address to send journalwatch reports to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.journalwatch.priorityLowest priority of message to be considered.
A value between 7 ("debug"), and 0 ("emerg"). Defaults to 6 ("info").
If you don't care about anything with "info" priority, you can reduce
this to e.g. 5 ("notice") to considerably reduce the amount of
messages without needing many filterBlocks.
Type: signed integer
Default: 6
Declared by:
<nixpkgs/nixos/modules/services/logging/journalwatch.nix>
|
services.joycond.enableWhether to enable support for Nintendo Pro Controllers and Joycons.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/joycond.nix>
|
services.joycond.packageThe joycond package to use.
Type: package
Default: pkgs.joycond
Declared by:
<nixpkgs/nixos/modules/services/hardware/joycond.nix>
|
services.jupyter.enableWhether to enable Jupyter development server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.packageJupyter package to use.
Type: package
Default: pkgs.python3.pkgs.notebook
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.commandWhich command the service runs. Note that not all jupyter packages have all commands, e.g. jupyter-lab isn't present in the default package.
Type: string
Default: "jupyter-notebook"
Example: "jupyter-lab"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.groupName of the group used to run the jupyter service. Use this if you want to create a group of users that are able to view the notebook directory's content.
Type: string
Default: "jupyter"
Example: "users"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.ipIP address Jupyter will be listening on.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.kernelsDeclarative kernel config.
Kernels can be declared in any language that supports and has the required dependencies to communicate with a jupyter server. In python's case, it means that ipykernel package must always be included in the list of packages of the targeted environment.
Type: null or (attribute set of (JSON value))
Default: null
Example:
{
python3 = let
env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
ipykernel
pandas
scikit-learn
]));
in {
displayName = "Python 3 for machine learning";
argv = [
"${env.interpreter}"
"-m"
"ipykernel_launcher"
"-f"
"{connection_file}"
];
language = "python";
logo32 = "${env.sitePackages}/ipykernel/resources/logo-32x32.png";
logo64 = "${env.sitePackages}/ipykernel/resources/logo-64x64.png";
extraPaths = {
"cool.txt" = pkgs.writeText "cool" "cool content";
};
};
}
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.kernels.<name>.argvCommand and arguments to start the kernel.
Type: list of string
Example:
[
"{customEnv.interpreter}"
"-m"
"ipykernel_launcher"
"-f"
"{connection_file}"
]Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.kernels.<name>.displayNameName that will be shown to the user.
Type: string
Default: ""
Example:
"Python 3" "Python 3 for Data Science"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.kernels.<name>.envEnvironment variables to set for the kernel.
Type: attribute set of string
Default: { }
Example:
{
OMP_NUM_THREADS = "1";
}Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.kernels.<name>.extraPathsExtra paths to link in kernel directory
Type: attribute set of path
Default: { }
Example: "{ examples = ${env.sitePack}/IRkernel/kernelspec/kernel.js"; }
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.kernels.<name>.languageLanguage of the environment. Typically the name of the binary.
Type: string
Example: "python"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.kernels.<name>.logo32Path to 32x32 logo png.
Type: null or path
Default: null
Example: "${env.sitePackages}/ipykernel/resources/logo-32x32.png"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.kernels.<name>.logo64Path to 64x64 logo png.
Type: null or path
Default: null
Example: "${env.sitePackages}/ipykernel/resources/logo-64x64.png"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.notebookConfigRaw jupyter config.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.notebookDirRoot directory for notebooks.
Type: string
Default: "~/"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.passwordPassword to use with notebook. Can be generated using: In [1]: from notebook.auth import passwd In [2]: passwd('test') Out[2]: 'sha1:1b961dc713fb:88483270a63e57d18d43cf337e629539de1436ba' NOTE: you need to keep the single quote inside the nix string. Or you can use a python oneliner: "open('/path/secret_file', 'r', encoding='utf8').read().strip()" It will be interpreted at the end of the notebookConfig.
Type: string
Example: "'sha1:1b961dc713fb:88483270a63e57d18d43cf337e629539de1436ba'"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.portPort number Jupyter will be listening on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8888
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyter.userName of the user used to run the jupyter service. For security reason, jupyter should really not be run as root. If not set (jupyter), the service will create a jupyter user with appropriate settings.
Type: string
Default: "jupyter"
Example: "aborsu"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyter/default.nix>
|
services.jupyterhub.enableWhether to enable Jupyterhub development server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
|
services.jupyterhub.authenticationJupyterhub authentication to use
There are many authenticators available including: oauth, pam, ldap, kerberos, etc.
Type: string
Default: "jupyterhub.auth.PAMAuthenticator"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
|
services.jupyterhub.extraConfigExtra contents appended to the jupyterhub configuration
Jupyterhub configuration is a normal python file using Traitlets. https://jupyterhub.readthedocs.io/en/stable/getting-started/config-basics.html. The base configuration of this module was designed to have sane defaults for configuration but you can override anything since this is a python file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' c.SystemdSpawner.mem_limit = '8G' c.SystemdSpawner.cpu_limit = 2.0 ''
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
|
services.jupyterhub.hostBind IP JupyterHub will be listening on
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
|
services.jupyterhub.jupyterhubEnvPython environment to run jupyterhub
Customizing will affect the packages available in the hub and proxy. This will allow packages to be available for the extraConfig that you may need. This will not normally need to be changed.
Type: package
Default:
pkgs.python3.withPackages (p: with p; [ jupyterhub jupyterhub-systemdspawner ])
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
|
services.jupyterhub.jupyterlabEnvPython environment to run jupyterlab
Customizing will affect the packages available in the jupyterlab server and the default kernel provided. This is the way to customize the jupyterlab extensions and jupyter notebook extensions. This will not normally need to be changed.
Type: package
Default:
pkgs.python3.withPackages (p: with p; [ jupyterhub jupyterlab ])
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
|
services.jupyterhub.kernelsDeclarative kernel config
Kernels can be declared in any language that supports and has the required dependencies to communicate with a jupyter server. In python's case, it means that ipykernel package must always be included in the list of packages of the targeted environment.
Type: null or (attribute set of (JSON value))
Default: null
Example:
{
python3 = let
env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
ipykernel
pandas
scikit-learn
]));
in {
displayName = "Python 3 for machine learning";
argv = [
"${env.interpreter}"
"-m"
"ipykernel_launcher"
"-f"
"{connection_file}"
];
language = "python";
logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png";
logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png";
};
}
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
|
services.jupyterhub.kernels.<name>.argvCommand and arguments to start the kernel.
Type: list of string
Example:
[
"{customEnv.interpreter}"
"-m"
"ipykernel_launcher"
"-f"
"{connection_file}"
]Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
|
services.jupyterhub.kernels.<name>.displayNameName that will be shown to the user.
Type: string
Default: ""
Example:
"Python 3" "Python 3 for Data Science"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
|
services.jupyterhub.kernels.<name>.envEnvironment variables to set for the kernel.
Type: attribute set of string
Default: { }
Example:
{
OMP_NUM_THREADS = "1";
}Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
|
services.jupyterhub.kernels.<name>.extraPathsExtra paths to link in kernel directory
Type: attribute set of path
Default: { }
Example: "{ examples = ${env.sitePack}/IRkernel/kernelspec/kernel.js"; }
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
|
services.jupyterhub.kernels.<name>.languageLanguage of the environment. Typically the name of the binary.
Type: string
Example: "python"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
|
services.jupyterhub.kernels.<name>.logo32Path to 32x32 logo png.
Type: null or path
Default: null
Example: "${env.sitePackages}/ipykernel/resources/logo-32x32.png"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
|
services.jupyterhub.kernels.<name>.logo64Path to 64x64 logo png.
Type: null or path
Default: null
Example: "${env.sitePackages}/ipykernel/resources/logo-64x64.png"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
|
services.jupyterhub.portPort number Jupyterhub will be listening on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8000
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
|
services.jupyterhub.spawnerJupyterhub spawner to use
There are many spawners available including: local process, systemd, docker, kubernetes, yarn, batch, etc.
Type: string
Default: "systemdspawner.SystemdSpawner"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
|
services.jupyterhub.stateDirectoryDirectory for jupyterhub state (token + database)
Type: string
Default: "jupyterhub"
Declared by:
<nixpkgs/nixos/modules/services/development/jupyterhub/default.nix>
|
services.k3s.enableWhether to enable k3s.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
|
services.k3s.packagePackage that should be used for k3s
Type: package
Default: pkgs.k3s
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
|
services.k3s.clusterInitInitialize HA cluster using an embedded etcd datastore.
If this option is false and role is server
On a server that was using the default embedded sqlite backend, enabling this option will migrate to an embedded etcd DB.
If an HA cluster using the embedded etcd datastore was already initialized, this option has no effect.
This option only makes sense in a server that is not connecting to another server.
If you are configuring an HA cluster with an embedded etcd,
the 1st server must have clusterInit = true
and other servers must connect to it using serverAddr.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
|
services.k3s.configPathFile path containing the k3s YAML config. This is useful when the config is generated (for example on boot).
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
|
services.k3s.disableAgentOnly run the server. This option only makes sense for a server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
|
services.k3s.extraFlagsExtra flags to pass to the k3s command.
Type: string
Default: ""
Example: "--no-deploy traefik --cluster-cidr 10.24.0.0/16"
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
|
services.k3s.roleWhether k3s should run as a server or agent.
If it's a server:
By default it also runs workloads as an agent.
Starts by default as a standalone server using an embedded sqlite datastore.
Configure clusterInit = true to switch over to embedded etcd datastore and enable HA mode.
Configure serverAddr to join an already-initialized HA cluster.
If it's an agent:
serverAddr is required.
Type: one of "server", "agent"
Default: "server"
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
|
services.k3s.serverAddrThe k3s server to connect to.
Servers and agents need to communicate each other. Read the networking docs to know how to configure the firewall.
Type: string
Default: ""
Example: "https://10.0.0.10:6443"
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
|
services.k3s.tokenThe k3s token to use when connecting to a server.
WARNING: This option will expose store your token unencrypted world-readable in the nix store. If this is undesired use the tokenFile option instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
|
services.k3s.tokenFileFile path containing k3s token to use when connecting to the server.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/k3s/default.nix>
|
services.kanata.enableWhether to enable kanata.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/kanata.nix>
|
services.kanata.packageThe kanata package to use.
If danger-enable-cmd is enabled in any of the keyboards, the
kanata-with-cmd package should be used.
Type: package
Default: pkgs.kanata
Example: pkgs.kanata-with-cmd
Declared by:
<nixpkgs/nixos/modules/services/hardware/kanata.nix>
|
services.kanata.keyboardsKeyboard configurations.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/hardware/kanata.nix>
|
services.kanata.keyboards.<name>.configConfiguration other than defcfg. See example config
files for more information.
Type: strings concatenated with "\n"
Example:
''
(defsrc
grv 1 2 3 4 5 6 7 8 9 0 - = bspc
tab q w e r t y u i o p [ ] \
caps a s d f g h j k l ; ' ret
lsft z x c v b n m , . / rsft
lctl lmet lalt spc ralt rmet rctl)
(deflayer qwerty
grv 1 2 3 4 5 6 7 8 9 0 - = bspc
tab q w e r t y u i o p [ ] \
@cap a s d f g h j k l ; ' ret
lsft z x c v b n m , . / rsft
lctl lmet lalt spc ralt rmet rctl)
(defalias
;; tap within 100ms for capslk, hold more than 100ms for lctl
cap (tap-hold 100 100 caps lctl))
''Declared by:
<nixpkgs/nixos/modules/services/hardware/kanata.nix>
|
services.kanata.keyboards.<name>.devicesPaths to keyboard devices.
To avoid unnecessary triggers of the service unit, unplug devices in the order of the list.
Type: list of string
Example:
[ "/dev/input/by-id/usb-0000_0000-event-kbd" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/kanata.nix>
|
services.kanata.keyboards.<name>.extraArgsExtra command line arguments passed to kanata.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/kanata.nix>
|
services.kanata.keyboards.<name>.extraDefCfgConfiguration of defcfg other than linux-dev. See example
config files for more information.
Type: strings concatenated with "\n"
Default: ""
Example: "danger-enable-cmd yes"
Declared by:
<nixpkgs/nixos/modules/services/hardware/kanata.nix>
|
services.kanata.keyboards.<name>.portPort to run the notification server on. null will not run the
server.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Example: 6666
Declared by:
<nixpkgs/nixos/modules/services/hardware/kanata.nix>
|
services.kanidm.enableClientWhether to enable the Kanidm client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/kanidm.nix>
|
services.kanidm.enablePamWhether to enable the Kanidm PAM and NSS integration..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/kanidm.nix>
|
services.kanidm.enableServerWhether to enable the Kanidm server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/kanidm.nix>
|
services.kanidm.clientSettingsConfigure Kanidm clients, needed for the PAM daemon. See the documentation and example configuration for possible values.
Type: TOML value
Declared by:
<nixpkgs/nixos/modules/services/security/kanidm.nix>
|
services.kanidm.clientSettings.uriAddress of the Kanidm server.
Type: string
Example: "http://127.0.0.1:8080"
Declared by:
<nixpkgs/nixos/modules/services/security/kanidm.nix>
|
services.kanidm.serverSettingsSettings for Kanidm, see the documentation and example configuration for possible values.
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/security/kanidm.nix>
|
services.kanidm.serverSettings.bindaddressAddress/port combination the webserver binds to.
Type: string
Example: "[::1]:8443"
Declared by:
<nixpkgs/nixos/modules/services/security/kanidm.nix>
|
services.kanidm.serverSettings.db_pathPath to Kanidm database.
Type: path (read only)
Default: "/var/lib/kanidm/kanidm.db"
Declared by:
<nixpkgs/nixos/modules/services/security/kanidm.nix>
|
services.kanidm.serverSettings.domainThe domain that Kanidm manages. Must be below or equal to the domain
specified in serverSettings.origin.
This can be left at null, only if your instance has the role ReadOnlyReplica.
While it is possible to change the domain later on, it requires extra steps!
Please consider the warnings and execute the steps described
in the documentation.
Type: null or string
Default: null
Example: "example.org"
Declared by:
<nixpkgs/nixos/modules/services/security/kanidm.nix>
|
services.kanidm.serverSettings.ldapbindaddressAddress and port the LDAP server is bound to. Setting this to null disables the LDAP interface.
Type: null or string
Default: null
Example: "[::1]:636"
Declared by:
<nixpkgs/nixos/modules/services/security/kanidm.nix>
|
services.kanidm.serverSettings.log_levelLog level of the server.
Type: one of "default", "verbose", "perfbasic", "perffull"
Default: "default"
Declared by:
<nixpkgs/nixos/modules/services/security/kanidm.nix>
|
services.kanidm.serverSettings.originThe origin of your Kanidm instance. Must have https as protocol.
Type: string matching the pattern ^https://.*
Example: "https://idm.example.org"
Declared by:
<nixpkgs/nixos/modules/services/security/kanidm.nix>
|
services.kanidm.serverSettings.roleThe role of this server. This affects the replication relationship and thereby available features.
Type: one of "WriteReplica", "WriteReplicaNoUI", "ReadOnlyReplica"
Default: "WriteReplica"
Declared by:
<nixpkgs/nixos/modules/services/security/kanidm.nix>
|
services.kanidm.serverSettings.tls_chainTLS chain in pem format.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/kanidm.nix>
|
services.kanidm.serverSettings.tls_keyTLS key in pem format.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/kanidm.nix>
|
services.kanidm.unixSettingsConfigure Kanidm unix daemon. See the documentation and example configuration for possible values.
Type: TOML value
Declared by:
<nixpkgs/nixos/modules/services/security/kanidm.nix>
|
services.kanidm.unixSettings.pam_allowed_login_groupsKanidm groups that are allowed to login using PAM.
Type: list of string
Example: "my_pam_group"
Declared by:
<nixpkgs/nixos/modules/services/security/kanidm.nix>
|
services.kapacitor.enableWhether to enable kapacitor.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.kapacitor.alerta.enableWhether to enable kapacitor alerta integration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.kapacitor.alerta.environmentDefault Alerta environment
Type: string
Default: "Production"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.kapacitor.alerta.originDefault origin of alert
Type: string
Default: "kapacitor"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.kapacitor.alerta.tokenDefault Alerta authentication token
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.kapacitor.alerta.urlThe URL to the Alerta REST API
Type: string
Default: "http://localhost:5000"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.kapacitor.bindAddress to bind to. The default is to bind to all addresses
Type: string
Default: ""
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.kapacitor.dataDirLocation where Kapacitor stores its state
Type: path
Default: "/var/lib/kapacitor"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.kapacitor.defaultDatabase.enableWhether to enable kapacitor.defaultDatabase.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.kapacitor.defaultDatabase.passwordThe password to connect to the remote InfluxDB server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.kapacitor.defaultDatabase.urlThe URL to an InfluxDB server that serves as the default database
Type: string
Example: "http://localhost:8086"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.kapacitor.defaultDatabase.usernameThe username to connect to the remote InfluxDB server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.kapacitor.extraConfigThese lines go into kapacitord.conf verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.kapacitor.groupGroup under which Kapacitor runs
Type: string
Default: "kapacitor"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.kapacitor.loadDirectoryDirectory where to load services from, such as tasks, templates and handlers (or null to disable service loading on startup)
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.kapacitor.portPort of Kapacitor
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9092
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.kapacitor.taskSnapshotIntervalSpecifies how often to snapshot the task state (in InfluxDB time units)
Type: string
Default: "1m0s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.kapacitor.userUser account under which Kapacitor runs
Type: string
Default: "kapacitor"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kapacitor.nix>
|
services.karma.enableWhether to enable the Karma dashboard service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/karma.nix>
|
services.karma.packageThe Karma package that should be used.
Type: package
Default: pkgs.karma
Declared by:
<nixpkgs/nixos/modules/services/monitoring/karma.nix>
|
services.karma.configFileA YAML config file which can be used to configure karma instead of the nix-generated file.
Type: path
Default: "A configuration file generated from the provided nix attributes settings option."
Example: "/etc/karma/karma.conf"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/karma.nix>
|
services.karma.environmentAdditional environment variables to provide to karma.
Type: attribute set of string
Default: { }
Example:
{
ALERTMANAGER_NAME = "single";
ALERTMANAGER_URI = "https://alertmanager.example.com";
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/karma.nix>
|
services.karma.extraOptionsExtra command line options.
Type: list of string
Default: [ ]
Example:
[ "--alertmanager.timeout 10s" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/karma.nix>
|
services.karma.openFirewallWhether to open ports in the firewall needed for karma to function.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/karma.nix>
|
services.karma.settingsKarma dashboard configuration as nix attributes.
Reference: https://github.com/prymitive/karma/blob/main/docs/CONFIGURATION.md
Type: YAML value
Default:
{
listen = {
address = "127.0.0.1";
};
}Example:
{
alertmanager = {
interval = "15s";
servers = [
{
name = "prod";
uri = "http://alertmanager.example.com";
}
];
};
listen = {
address = "192.168.1.4";
port = "8000";
prefix = "/dashboard";
};
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/karma.nix>
|
services.karma.settings.listen.addressHostname or IP to listen on.
Type: string
Default: "127.0.0.1"
Example: "[::]"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/karma.nix>
|
services.karma.settings.listen.portHTTP port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Example: 8182
Declared by:
<nixpkgs/nixos/modules/services/monitoring/karma.nix>
|
services.kbfs.enableWhether to mount the Keybase filesystem.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kbfs.nix>
|
services.kbfs.enableRedirectorWhether to enable the Keybase root redirector service, allowing
any user to access KBFS files via /keybase,
which will show different contents depending on the requester.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kbfs.nix>
|
services.kbfs.extraFlagsAdditional flags to pass to the Keybase filesystem on launch.
Type: list of string
Default: [ ]
Example:
[ "-label kbfs" "-mount-type normal" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kbfs.nix>
|
services.kbfs.mountPointMountpoint for the Keybase filesystem.
Type: string
Default: "%h/keybase"
Example: "/keybase"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kbfs.nix>
|
services.kea.ctrl-agentKea Control Agent configuration
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.ctrl-agent.enableWhether to enable Kea Control Agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.ctrl-agent.configFileKea Control Agent configuration as a path, see https://kea.readthedocs.io/en/kea-2.2.0/arm/agent.html.
Takes preference over settings. Most users should prefer using settings instead.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.ctrl-agent.extraArgsList of additional arguments to pass to the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.ctrl-agent.settingsKea Control Agent configuration as an attribute set, see https://kea.readthedocs.io/en/kea-2.2.0/arm/agent.html.
Type: JSON value
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.dhcp-ddnsKea DHCP-DDNS configuration
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.dhcp-ddns.enableWhether to enable Kea DDNS server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.dhcp-ddns.configFileKea DHCP-DDNS configuration as a path, see https://kea.readthedocs.io/en/kea-2.2.0/arm/ddns.html.
Takes preference over settings. Most users should prefer using settings instead.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.dhcp-ddns.extraArgsList of additional arguments to pass to the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.dhcp-ddns.settingsKea DHCP-DDNS configuration as an attribute set, see https://kea.readthedocs.io/en/kea-2.2.0/arm/ddns.html.
Type: JSON value
Default: null
Example:
{
dns-server-timeout = 100;
forward-ddns = {
ddns-domains = [ ];
};
ip-address = "127.0.0.1";
ncr-format = "JSON";
ncr-protocol = "UDP";
port = 53001;
reverse-ddns = {
ddns-domains = [ ];
};
tsig-keys = [ ];
}Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.dhcp4DHCP4 Server configuration
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.dhcp4.enableWhether to enable Kea DHCP4 server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.dhcp4.configFileKea DHCP4 configuration as a path, see https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html.
Takes preference over settings. Most users should prefer using settings instead.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.dhcp4.extraArgsList of additional arguments to pass to the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.dhcp4.settingsKea DHCP4 configuration as an attribute set, see https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html.
Type: JSON value
Default: null
Example:
{
interfaces-config = {
interfaces = [
"eth0"
];
};
lease-database = {
name = "/var/lib/kea/dhcp4.leases";
persist = true;
type = "memfile";
};
rebind-timer = 2000;
renew-timer = 1000;
subnet4 = [
{
pools = [
{
pool = "192.0.2.100 - 192.0.2.240";
}
];
subnet = "192.0.2.0/24";
}
];
valid-lifetime = 4000;
}Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.dhcp6DHCP6 Server configuration
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.dhcp6.enableWhether to enable Kea DHCP6 server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.dhcp6.configFileKea DHCP6 configuration as a path, see https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp6-srv.html.
Takes preference over settings. Most users should prefer using settings instead.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.dhcp6.extraArgsList of additional arguments to pass to the daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.kea.dhcp6.settingsKea DHCP6 configuration as an attribute set, see https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp6-srv.html.
Type: JSON value
Default: null
Example:
{
interfaces-config = {
interfaces = [
"eth0"
];
};
lease-database = {
name = "/var/lib/kea/dhcp6.leases";
persist = true;
type = "memfile";
};
preferred-lifetime = 3000;
rebind-timer = 2000;
renew-timer = 1000;
subnet6 = [
{
pools = [
{
pool = "2001:db8:1::1-2001:db8:1::ffff";
}
];
subnet = "2001:db8:1::/64";
}
];
valid-lifetime = 4000;
}Declared by:
<nixpkgs/nixos/modules/services/networking/kea.nix>
|
services.keepalived.enableWhether to enable Keepalived.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.enableScriptSecurityDon't run scripts configured to be run as root if any part of the path is writable by a non-root user.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.extraConfigExtra lines to be added verbatim to the configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.extraGlobalDefsExtra lines to be added verbatim to the 'global_defs' block of the configuration file
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.secretFileEnvironment variables from this file will be interpolated into the
final config file using envsubst with this syntax: $ENVIRONMENT
or ${VARIABLE}.
The file should contain lines formatted as SECRET_VAR=SECRET_VALUE.
This is useful to avoid putting secrets into the nix store.
Type: null or path
Default: null
Example: "/run/keys/keepalived.env"
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.snmp.enableWhether to enable the builtin AgentX subagent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.snmp.enableCheckerEnable SNMP handling of checker element of KEEPALIVED MIB.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.snmp.enableKeepalivedEnable SNMP handling of vrrp element of KEEPALIVED MIB.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.snmp.enableRfcEnable SNMP handling of RFC2787 and RFC6527 VRRP MIBs.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.snmp.enableRfcV2Enable SNMP handling of RFC2787 VRRP MIB.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.snmp.enableRfcV3Enable SNMP handling of RFC6527 VRRP MIB.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.snmp.enableTrapsEnable SNMP traps.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.snmp.socketSocket to use for connecting to SNMP master agent. If this value is set to null, keepalived's default will be used, which is unix:/var/agentx/master, unless using a network namespace, when the default is udp:localhost:705.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstancesDeclarative vhost config
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.extraConfigExtra lines to be added verbatim to the vrrp_instance section.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.interfaceInterface for inside_network, bound by vrrp.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.noPreemptVRRP will normally preempt a lower priority machine when a higher priority machine comes online. "nopreempt" allows the lower priority machine to maintain the master role, even when a higher priority machine comes back online. NOTE: For this to work, the initial state of this entry must be BACKUP.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.priorityFor electing MASTER, highest priority wins. To be MASTER, make 50 more than other machines.
Type: signed integer
Default: 100
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.stateInitial state. As soon as the other machine(s) come up, an election will be held and the machine with the highest "priority" will become MASTER. So the entry here doesn't matter a whole lot.
Type: one of "MASTER", "BACKUP"
Default: "BACKUP"
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.trackInterfacesList of network interfaces to monitor for health tracking.
Type: list of string
Default: [ ]
Example:
[ "eth0" "eth1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.trackScriptsList of script names to invoke for health tracking.
Type: list of string
Default: [ ]
Example:
[ "chk_cmd1" "chk_cmd2" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.unicastPeersDo not send VRRP adverts over VRRP multicast group. Instead it sends adverts to the following list of ip addresses using unicast design fashion. It can be cool to use VRRP FSM and features in a networking environment where multicast is not supported! IP Addresses specified can IPv4 as well as IPv6.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.unicastSrcIpDefault IP for binding vrrpd is the primary IP on interface. If you want to hide location of vrrpd, use this IP as src_addr for unicast vrrp packets.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.useVmacUse VRRP Virtual MAC.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.virtualIpsDeclarative vhost config
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.virtualIps.*.addrIP address, optionally with a netmask: IPADDR[/MASK]
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.virtualIps.*.brdThe broadcast address on the interface.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.virtualIps.*.devThe name of the device to add the address to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.virtualIps.*.labelEach address may be tagged with a label string. In order to preserve compatibility with Linux-2.0 net aliases, this string must coincide with the name of the device or must be prefixed with the device name followed by colon.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.virtualIps.*.scopeThe scope of the area where this address is valid.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.virtualRouterIdArbitrary unique number 0..255. Used to differentiate multiple instances of vrrpd running on the same NIC (and hence same socket).
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.vmacInterfaceName of the vmac interface to use. keepalived will come up with a name if you don't specify one.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpInstances.<name>.vmacXmitBaseSend/Recv VRRP messages from base interface instead of VMAC interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScriptsDeclarative vrrp script config
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.extraConfigExtra lines to be added verbatim to the vrrp_script section.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.fallRequired number of failures for KO transition.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.groupName of group to run the script under. Defaults to user group.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.intervalSeconds between script invocations.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.riseRequired number of successes for OK transition.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.script(Path of) Script command to execute followed by args, i.e. cmd [args]...
Type: string
Example: "${pkgs.curl} -f http://localhost:80"
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.timeoutSeconds after which script is considered to have failed.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.userName of user to run the script under.
Type: string
Default: "keepalived_script"
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.keepalived.vrrpScripts.<name>.weightFollowing a failure, adjust the priority by this weight.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/keepalived/default.nix>
|
services.kerberos_server.enableWhether to enable the kerberos authentication server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/system/kerberos/default.nix>
|
services.kerberos_server.realmsThe realm(s) to serve keys for.
Type: attribute set of (submodule)
Declared by:
<nixpkgs/nixos/modules/services/system/kerberos/default.nix>
|
services.kerberos_server.realms.<name>.aclThe privileges granted to a user.
Type: list of (submodule)
Default:
[
{
access = "all";
principal = "*/admin";
}
{
access = "all";
principal = "admin";
}
]Declared by:
<nixpkgs/nixos/modules/services/system/kerberos/default.nix>
|
services.kerberos_server.realms.<name>.acl.*.accessThe changes the principal is allowed to make.
Type: (list of (one of "add", "cpw", "delete", "get", "list", "modify")) or value "all" (singular enum)
Default: "all"
Declared by:
<nixpkgs/nixos/modules/services/system/kerberos/default.nix>
|
services.kerberos_server.realms.<name>.acl.*.principalWhich principal the rule applies to
Type: string
Declared by:
<nixpkgs/nixos/modules/services/system/kerberos/default.nix>
|
services.kerberos_server.realms.<name>.acl.*.targetThe principals that 'access' applies to.
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/system/kerberos/default.nix>
|
services.keter.enableWhether to enable keter, a web app deployment manager. Note that this module only support loading of webapps: Keep an old app running and swap the ports when the new one is booted. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/keter>
|
services.keter.bundle.appNameThe name keter assigns to this bundle
Type: string
Default: "myapp"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/keter>
|
services.keter.bundle.domainThe domain keter will bind to
Type: string
Default: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/keter>
|
services.keter.bundle.executableThe executable to be run
Type: path
Declared by:
<nixpkgs/nixos/modules/services/web-servers/keter>
|
services.keter.bundle.publicScriptAllows loading of public environment variables, these are emitted to the log so it shouldn't contain secrets.
Type: string
Default: ""
Example: "ADMIN_EMAIL=hi@example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/keter>
|
services.keter.bundle.secretScriptAllows loading of private environment variables
Type: string
Default: ""
Example: "MY_AWS_KEY=$(cat /run/keys/AWS_ACCESS_KEY_ID)"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/keter>
|
services.keter.globalKeterConfigGlobal config for keter
Type: attribute set
Default:
{
ip-from-header = true;
listeners = [{
host = "*4";
port = 6981;
}];
}
Declared by:
<nixpkgs/nixos/modules/services/web-servers/keter>
|
services.keter.keterPackageThe keter package to be used
Type: package
Default: pkgs.haskellPackages.keter
Declared by:
<nixpkgs/nixos/modules/services/web-servers/keter>
|
services.keter.keterRootMutable state folder for keter
Type: string
Default: "/var/lib/keter"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/keter>
|
services.keybase.enableWhether to start the Keybase service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/keybase.nix>
|
services.keycloak.enableWhether to enable the Keycloak identity and access management server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.packageKeycloak package to use.
Type: package
Default: pkgs.keycloak
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.database.caCertThe SSL / TLS CA certificate that verifies the identity of the database server.
Required when PostgreSQL is used and SSL is turned on.
For MySQL, if left at null, the default
Java keystore is used, which should suffice if the server
certificate is issued by an official CA.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.database.createLocallyWhether a database should be automatically created on the local host. Set this to false if you plan on provisioning a local database yourself. This has no effect if services.keycloak.database.host is customized.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.database.hostHostname of the database to connect to.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.database.nameDatabase name to use when connecting to an external or manually provisioned database; has no effect when a local database is automatically provisioned.
To use this with a local database, set services.keycloak.database.createLocally to
false and create the database and user
manually.
Type: string
Default: "keycloak"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.database.passwordFileThe path to a file containing the database password.
Type: path
Example: "/run/keys/db_password"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.database.portPort of the database to connect to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: default port of selected database
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.database.typeThe type of database Keycloak should connect to.
Type: one of "mysql", "mariadb", "postgresql"
Default: "postgresql"
Example: "mariadb"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.database.useSSLWhether the database connection should be secured by SSL / TLS.
Type: boolean
Default: config.services.keycloak.database.host != "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.database.usernameUsername to use when connecting to an external or manually provisioned database; has no effect when a local database is automatically provisioned.
To use this with a local database, set services.keycloak.database.createLocally to
false and create the database and user
manually.
Type: string
Default: "keycloak"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.initialAdminPasswordInitial password set for the admin
user. The password is not stored safely and should be changed
immediately in the admin panel.
Type: string
Default: "changeme"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.pluginsKeycloak plugin jar, ear files or derivations containing
them. Packaged plugins are available through
pkgs.keycloak.plugins.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.settingsConfiguration options corresponding to parameters set in
conf/keycloak.conf.
Most available options are documented at https://www.keycloak.org/server/all-config.
Options containing secret data should be set to an attribute
set containing the attribute _secret - a
string pointing to a file containing the value the option
should be set to. See the example to get a better picture of
this: in the resulting
conf/keycloak.conf file, the
https-key-store-password key will be set
to the contents of the
/run/keys/store_password file.
Type: attribute set of (null or string or signed integer or boolean or attribute set of path)
Example:
{
hostname = "keycloak.example.com";
proxy = "reencrypt";
https-key-store-file = "/path/to/file";
https-key-store-password = { _secret = "/run/keys/store_password"; };
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.settings.hostnameThe hostname part of the public URL used as base for all frontend requests.
See https://www.keycloak.org/server/hostname for more information about hostname configuration.
Type: string
Example: "keycloak.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.settings.hostname-strict-backchannelWhether Keycloak should force all requests to go through the frontend URL. By default, Keycloak allows backend requests to instead use its local hostname or IP address and may also advertise it to clients through its OpenID Connect Discovery endpoint.
See https://www.keycloak.org/server/hostname for more information about hostname configuration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.settings.http-hostOn which address Keycloak should accept new connections.
Type: string
Default: "0.0.0.0"
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.settings.http-portOn which port Keycloak should listen for new HTTP connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Example: 8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.settings.http-relative-pathThe path relative to / for serving
resources.
In versions of Keycloak using Wildfly (<17),
this defaulted to /auth. If
upgrading from the Wildfly version of Keycloak,
i.e. a NixOS version before 22.05, you'll likely
want to set this to /auth to
keep compatibility with your clients.
See https://www.keycloak.org/migration/migrating-to-quarkus
for more information on migrating from Wildfly to Quarkus.
Type: string
Default: "/"
Example: "/auth"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.settings.https-portOn which port Keycloak should listen for new HTTPS connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 443
Example: 8443
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.settings.proxyThe proxy address forwarding mode if the server is behind a reverse proxy.
edge:
Enables communication through HTTP between the
proxy and Keycloak.
reencrypt:
Requires communication through HTTPS between the
proxy and Keycloak.
passthrough:
Enables communication through HTTP or HTTPS between
the proxy and Keycloak.
See https://www.keycloak.org/server/reverseproxy for more information.
Type: one of "edge", "reencrypt", "passthrough", "none"
Default: "none"
Example: "edge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.sslCertificateThe path to a PEM formatted certificate to use for TLS/SSL connections.
Type: null or path
Default: null
Example: "/run/keys/ssl_cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.sslCertificateKeyThe path to a PEM formatted private key to use for TLS/SSL connections.
Type: null or path
Default: null
Example: "/run/keys/ssl_key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.keycloak.themesAdditional theme packages for Keycloak. Each theme is linked into subdirectory with a corresponding attribute name.
Theme packages consist of several subdirectories which provide
different theme types: for example, account,
login etc. After adding a theme to this option you
can select it by its name in Keycloak administration console.
Type: attribute set of package
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/keycloak.nix>
|
services.kibana.enableWhether to enable kibana service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.packageKibana package to use
Type: package
Default: pkgs.kibana
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.certKibana ssl certificate.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.dataDirKibana data directory
Type: path
Default: "/var/lib/kibana"
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.defaultAppIdElasticsearch default application id.
Type: string
Default: "discover"
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.elasticsearch.caCA file to auth against elasticsearch.
It's recommended to use the certificateAuthorities option
when using kibana-5.4 or newer.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.elasticsearch.certCertificate file to auth against elasticsearch.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.elasticsearch.certificateAuthoritiesCA files to auth against elasticsearch.
Please use the ca option when using kibana < 5.4
because those old versions don't support setting multiple CA's.
This defaults to the singleton list [ca] when the ca option is defined.
Type: list of path
Default:
if config.services.kibana.elasticsearch.ca == null then [ ] else [ ca ]
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.elasticsearch.hostsThe URLs of the Elasticsearch instances to use for all your queries. All nodes listed here must be on the same cluster.
Defaults to [ "http://localhost:9200" ].
This option is only valid when using kibana >= 6.6.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.elasticsearch.keyKey file to auth against elasticsearch.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.elasticsearch.passwordPassword for elasticsearch basic auth.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.elasticsearch.urlElasticsearch url.
Defaults to "http://localhost:9200".
Don't set this when using Kibana >= 7.0.0 because it will result in a
configuration error. Use services.kibana.elasticsearch.hosts
instead.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.elasticsearch.usernameUsername for elasticsearch basic auth.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.extraConfKibana extra configuration
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.indexElasticsearch index to use for saving kibana config.
Type: string
Default: ".kibana"
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.keyKibana ssl key.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.listenAddressKibana listening host
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.kibana.portKibana listening port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5601
Declared by:
<nixpkgs/nixos/modules/services/search/kibana.nix>
|
services.klipper.enableWhether to enable Klipper, the 3D printer firmware.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
|
services.klipper.packageThe Klipper package.
Type: package
Default: pkgs.klipper
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
|
services.klipper.apiSocketPath of the API socket to create.
Type: null or path
Default: "/run/klipper/api"
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
|
services.klipper.configFilePath to default Klipper config.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
|
services.klipper.firmwaresFirmwares klipper should manage
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
|
services.klipper.firmwares.<name>.enableWhether to enable building of firmware and addition of klipper-flash tools for manual flashing.
This will add klipper-flash-$mcu scripts to your environment which can be called to flash the firmware.
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
|
services.klipper.firmwares.<name>.configFilePath to firmware config which is generated using klipper-genconf
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
|
services.klipper.firmwares.<name>.serialPath to serial port this printer is connected to. Leave null to derive it from service.klipper.settings.
Type: null or path
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
|
services.klipper.groupGroup account under which Klipper runs.
If null is specified (default), a temporary user will be created by systemd.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
|
services.klipper.inputTTYPath of the virtual printer symlink to create.
Type: path
Default: "/run/klipper/tty"
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
|
services.klipper.mutableConfigWhether to copy the config to a mutable directory instead of using the one directly from the nix store.
This will only copy the config if the file at services.klipper.mutableConfigPath doesn't exist.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
|
services.klipper.mutableConfigFolderPath to mutable Klipper config file.
Type: path
Default: "/var/lib/klipper"
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
|
services.klipper.octoprintIntegrationAllows Octoprint to control Klipper.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
|
services.klipper.settingsConfiguration for Klipper. See the documentation for supported values.
Type: null or (attribute set of attribute set of (INI atom (null, bool, int, float or string) or a non-empty list of them))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
|
services.klipper.userUser account under which Klipper runs.
If null is specified (default), a temporary user will be created by systemd.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/klipper.nix>
|
services.kmscon.enableUse kmscon as the virtual console instead of gettys. kmscon is a kms/dri-based userspace virtual terminal implementation. It supports a richer feature set than the standard linux console VT, including full unicode support, and when the video card supports drm should be much faster.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
|
services.kmscon.autologinUserUsername of the account that will be automatically logged in at the console. If unspecified, a login prompt is shown as usual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
|
services.kmscon.extraConfigExtra contents of the kmscon.conf file.
Type: strings concatenated with "\n"
Default: ""
Example: "font-size=14"
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
|
services.kmscon.extraOptionsExtra flags to pass to kmscon.
Type: strings concatenated with " "
Default: ""
Example: "--term xterm-256color"
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
|
services.kmscon.fontsFonts used by kmscon, in order of priority.
Type: null or (list of (submodule))
Default: null
Example: [ { name = "Source Code Pro"; package = pkgs.source-code-pro; } ]
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
|
services.kmscon.fonts.*.packagePackage providing the font.
Type: package
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
|
services.kmscon.fonts.*.nameFont name, as used by fontconfig.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
|
services.kmscon.hwRenderWhether to use 3D hardware acceleration to render the console.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/ttys/kmscon.nix>
|
services.knot.enableWhether to enable Knot authoritative-only DNS server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/knot.nix>
|
services.knot.packageWhich Knot DNS package to use
Type: package
Default: pkgs.knot-dns
Declared by:
<nixpkgs/nixos/modules/services/networking/knot.nix>
|
services.knot.extraArgsList of additional command line parameters for knotd
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/knot.nix>
|
services.knot.extraConfigExtra lines to be added verbatim to knot.conf
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/knot.nix>
|
services.knot.keyFilesA list of files containing additional configuration to be included using the include directive. This option allows to include configuration like TSIG keys without exposing them to the nix store readable to any process. Note that using this option will also disable configuration checks at build time.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/knot.nix>
|
services.komga.enableWhether to enable Komga, a free and open source comics/mangas media server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/komga.nix>
|
services.komga.groupGroup under which Komga runs.
Type: string
Default: "komga"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/komga.nix>
|
services.komga.openFirewallWhether to open the firewall for the port in services.komga.port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/komga.nix>
|
services.komga.portThe port that Komga will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/komga.nix>
|
services.komga.stateDirState and configuration directory Komga will use.
Type: string
Default: "/var/lib/komga"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/komga.nix>
|
services.komga.userUser account under which Komga runs.
Type: string
Default: "komga"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/komga.nix>
|
services.kresd.enableWhether to enable knot-resolver domain name server.
DNSSEC validation is turned on by default.
You can run sudo nc -U /run/knot-resolver/control/1
and give commands interactively to kresd@1.service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
|
services.kresd.packageknot-resolver package to use.
Type: package
Default: pkgs.knot-resolver
Example: pkgs.knot-resolver.override { extraFeatures = true; }
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
|
services.kresd.extraConfigExtra lines to be added verbatim to the generated configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
|
services.kresd.instancesThe number of instances to start. They will be called kresd@{1,2,...}.service. Knot Resolver uses no threads, so this is the way to scale. You can dynamically start/stop them at will, so this is just system default.
Type: unsigned integer, meaning >=0
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
|
services.kresd.listenDoHAddresses and ports on which kresd should provide DNS over HTTPS/2 (see RFC 8484). For detailed syntax see ListenStream in man systemd.socket.
Type: list of string
Default: [ ]
Example:
[ "198.51.100.1:443" "[2001:db8::1]:443" "443" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
|
services.kresd.listenPlainWhat addresses and ports the server should listen on. For detailed syntax see ListenStream in man systemd.socket.
Type: list of string
Default:
[ "[::1]:53" "127.0.0.1:53" ]
Example:
[ "53" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
|
services.kresd.listenTLSAddresses and ports on which kresd should provide DNS over TLS (see RFC 7858). For detailed syntax see ListenStream in man systemd.socket.
Type: list of string
Default: [ ]
Example:
[ "198.51.100.1:853" "[2001:db8::1]:853" "853" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/kresd.nix>
|
services.kthxbye.enableWhether to enable kthxbye alert acknowledgement management daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kthxbye.nix>
|
services.kthxbye.packageThe kthxbye package that should be used.
Type: package
Default: pkgs.kthxbye
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kthxbye.nix>
|
services.kthxbye.alertmanager.timeoutAlertmanager request timeout duration in the time.Duration format.
Type: string
Default: "1m0s"
Example: "30s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kthxbye.nix>
|
services.kthxbye.alertmanager.uriAlertmanager URI to use.
Type: string
Default: "http://localhost:9093"
Example: "https://alertmanager.example.com"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kthxbye.nix>
|
services.kthxbye.extendByExtend silences by adding DURATION seconds.
DURATION should be provided in the time.Duration format.
Type: string
Default: "15m0s"
Example: "6h0m0s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kthxbye.nix>
|
services.kthxbye.extendIfExpiringInExtend silences that are about to expire in the next DURATION seconds.
DURATION should be provided in the time.Duration format.
Type: string
Default: "5m0s"
Example: "1m0s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kthxbye.nix>
|
services.kthxbye.extendWithPrefixExtend silences with comment starting with PREFIX string.
Type: string
Default: "ACK!"
Example: "!perma-silence"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kthxbye.nix>
|
services.kthxbye.extraOptionsExtra command line options.
Documentation can be found here.
Type: list of string
Default: [ ]
Example:
[ "-extend-with-prefix 'ACK!'" ];
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kthxbye.nix>
|
services.kthxbye.intervalSilence check interval duration in the time.Duration format.
Type: string
Default: "45s"
Example: "30s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kthxbye.nix>
|
services.kthxbye.listenAddressThe address to listen on for HTTP requests.
Type: string
Default: "0.0.0.0"
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kthxbye.nix>
|
services.kthxbye.logJSONFormat logged messages as JSON.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kthxbye.nix>
|
services.kthxbye.maxDurationMaximum duration of a silence, it won't be extended anymore after reaching it.
Duration should be provided in the time.Duration format.
Type: null or string
Default: null
Example: "30d"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kthxbye.nix>
|
services.kthxbye.openFirewallWhether to open ports in the firewall needed for the daemon to function.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kthxbye.nix>
|
services.kthxbye.portThe port to listen on for HTTP requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/monitoring/kthxbye.nix>
|
services.kubernetes.packageKubernetes package to use.
Type: package
Default: pkgs.kubernetes
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.addonManager.enableWhether to enable Kubernetes addon manager..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix>
|
services.kubernetes.addonManager.addonsKubernetes addons (any kind of Kubernetes resource can be an addon).
Type: attribute set of ((attribute set) or list of (attribute set))
Default: { }
Example:
{
"my-service" = {
"apiVersion" = "v1";
"kind" = "Service";
"metadata" = {
"name" = "my-service";
"namespace" = "default";
};
"spec" = { ... };
};
}
// import <nixpkgs/nixos/modules/services/cluster/kubernetes/dns.nix> { cfg = config.services.kubernetes; };
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix>
|
services.kubernetes.addonManager.bootstrapAddonsBootstrap addons are like regular addons, but they are applied with cluster-admin rights. They are applied at addon-manager startup only.
Type: attribute set of (attribute set)
Default: { }
Example:
{
"my-service" = {
"apiVersion" = "v1";
"kind" = "Service";
"metadata" = {
"name" = "my-service";
"namespace" = "default";
};
"spec" = { ... };
};
}
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addon-manager.nix>
|
services.kubernetes.addons.dns.enableWhether to enable kubernetes dns addon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix>
|
services.kubernetes.addons.dns.clusterDomainDns cluster domain
Type: string
Default: "cluster.local"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix>
|
services.kubernetes.addons.dns.clusterIpDns addon clusterIP
Type: string
Default: The x.y.z.254 IP of
config.services.kubernetes.apiserver.serviceClusterIpRange.
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix>
|
services.kubernetes.addons.dns.corednsDocker image to seed for the CoreDNS container.
Type: attribute set
Default:
{
finalImageTag = "1.7.1";
imageDigest = "sha256:4a6e0769130686518325b21b0c1d0688b54e7c79244d48e1b15634e98e40c6ef";
imageName = "coredns/coredns";
sha256 = "02r440xcdsgi137k5lmmvp0z5w5fmk8g9mysq5pnysq1wl8sj6mw";
}Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix>
|
services.kubernetes.addons.dns.corefileCustom coredns corefile configuration.
See: https://coredns.io/manual/toc/#configuration.
Type: string
Default:
''
.:10053 {
errors
health :10054
kubernetes ${config.services.kubernetes.addons.dns.clusterDomain} in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
}
prometheus :10055
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}
''
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix>
|
services.kubernetes.addons.dns.reconcileModeControls the addon manager reconciliation mode for the DNS addon.
Setting reconcile mode to EnsureExists makes it possible to tailor DNS behavior by editing the coredns ConfigMap.
See: https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/addon-manager/README.md.
Type: one of "Reconcile", "EnsureExists"
Default: "Reconcile"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix>
|
services.kubernetes.addons.dns.replicasNumber of DNS pod replicas to deploy in the cluster.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/addons/dns.nix>
|
services.kubernetes.apiserver.enableWhether to enable Kubernetes apiserver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.enableAdmissionPluginsKubernetes admission control plugins to enable. See https://kubernetes.io/docs/admin/admission-controllers/
Type: list of string
Default:
[ "NamespaceLifecycle" "LimitRanger" "ServiceAccount" "ResourceQuota" "DefaultStorageClass" "DefaultTolerationSeconds" "NodeRestriction" ]
Example:
[ "NamespaceLifecycle" "NamespaceExists" "LimitRanger" "SecurityContextDeny" "ServiceAccount" "ResourceQuota" "PodSecurityPolicy" "NodeRestriction" "DefaultStorageClass" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.advertiseAddressKubernetes apiserver IP address on which to advertise the apiserver to members of the cluster. This address must be reachable by the rest of the cluster.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.allowPrivilegedWhether to allow privileged containers on Kubernetes.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.apiAudiencesKubernetes apiserver ServiceAccount issuer.
Type: string
Default: "api,https://kubernetes.default.svc"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.authorizationModeKubernetes apiserver authorization mode (AlwaysAllow/AlwaysDeny/ABAC/Webhook/RBAC/Node). See https://kubernetes.io/docs/reference/access-authn-authz/authorization/
Type: list of (one of "AlwaysAllow", "AlwaysDeny", "ABAC", "Webhook", "RBAC", "Node")
Default:
[ "RBAC" "Node" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.authorizationPolicyKubernetes apiserver authorization policy file. See https://kubernetes.io/docs/reference/access-authn-authz/authorization/
Type: list of (attribute set)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.basicAuthFileKubernetes apiserver basic authentication file. See https://kubernetes.io/docs/reference/access-authn-authz/authentication
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.bindAddressThe IP address on which to listen for the --secure-port port. The associated interface(s) must be reachable by the rest of the cluster, and by CLI/web clients.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.clientCaFileKubernetes apiserver CA file for client auth.
Type: null or path
Default: config.services.kubernetes.caFile
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.disableAdmissionPluginsKubernetes admission control plugins to disable. See https://kubernetes.io/docs/admin/admission-controllers/
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.etcd.caFileEtcd ca file.
Type: null or path
Default: config.services.kubernetes.caFile
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.etcd.certFileEtcd cert file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.etcd.keyFileEtcd key file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.etcd.serversList of etcd servers.
Type: list of string
Default:
[ "http://127.0.0.1:2379" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.extraOptsKubernetes apiserver extra command line options.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.extraSANsExtra x509 Subject Alternative Names to be added to the kubernetes apiserver tls cert.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.featureGatesList set of feature gates
Type: list of string
Default: config.services.kubernetes.featureGates
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.kubeletClientCaFilePath to a cert file for connecting to kubelet.
Type: null or path
Default: config.services.kubernetes.caFile
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.kubeletClientCertFileClient certificate to use for connections to kubelet.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.kubeletClientKeyFileKey to use for connections to kubelet.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.preferredAddressTypesList of the preferred NodeAddressTypes to use for kubelet connections.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.proxyClientCertFileClient certificate to use for connections to proxy.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.proxyClientKeyFileKey to use for connections to proxy.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.runtimeConfigApi runtime configuration. See https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/
Type: string
Default: "authentication.k8s.io/v1beta1=true"
Example: "api/all=false,api/v1=true"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.securePortKubernetes apiserver secure port.
Type: signed integer
Default: 6443
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.serviceAccountIssuerKubernetes apiserver ServiceAccount issuer.
Type: string
Default: "https://kubernetes.default.svc"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.serviceAccountKeyFileFile containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens. The specified file can contain multiple keys, and the flag can be specified multiple times with different files. If unspecified, --tls-private-key-file is used. Must be specified when --service-account-signing-key is provided
Type: path
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.serviceAccountSigningKeyFilePath to the file that contains the current private key of the service account token issuer. The issuer will sign issued ID tokens with this private key.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.serviceClusterIpRangeA CIDR notation IP range from which to assign service cluster IPs. This must not overlap with any IP ranges assigned to nodes for pods.
Type: string
Default: "10.0.0.0/24"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.storageBackendKubernetes apiserver storage backend.
Type: one of "etcd2", "etcd3"
Default: "etcd3"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.tlsCertFileKubernetes apiserver certificate file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.tlsKeyFileKubernetes apiserver private key file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.tokenAuthFileKubernetes apiserver token authentication file. See https://kubernetes.io/docs/reference/access-authn-authz/authentication
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.verbosityOptional glog verbosity level for logging statements. See https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserver.webhookConfigKubernetes apiserver Webhook config file. It uses the kubeconfig file format. See https://kubernetes.io/docs/reference/access-authn-authz/webhook/
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/apiserver.nix>
|
services.kubernetes.apiserverAddressClusterwide accessible address for the kubernetes apiserver, including protocol and optional port.
Type: string
Example: "https://kubernetes-apiserver.example.com:6443"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.caFileDefault kubernetes certificate authority
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.clusterCidrKubernetes controller manager and proxy CIDR Range for Pods in cluster.
Type: null or string
Default: "10.1.0.0/16"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.controllerManager.enableWhether to enable Kubernetes controller manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
|
services.kubernetes.controllerManager.allocateNodeCIDRsWhether to automatically allocate CIDR ranges for cluster nodes.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
|
services.kubernetes.controllerManager.bindAddressKubernetes controller manager listening address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
|
services.kubernetes.controllerManager.clusterCidrKubernetes CIDR Range for Pods in cluster.
Type: string
Default: config.services.kubernetes.clusterCidr
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
|
services.kubernetes.controllerManager.extraOptsKubernetes controller manager extra command line options.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
|
services.kubernetes.controllerManager.featureGatesList set of feature gates
Type: list of string
Default: config.services.kubernetes.featureGates
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
|
services.kubernetes.controllerManager.kubeconfig.caFileKubernetes controller manager certificate authority file used to connect to kube-apiserver.
Type: null or path
Default: config.services.kubernetes.caFile
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
|
services.kubernetes.controllerManager.kubeconfig.certFileKubernetes controller manager client certificate file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
|
services.kubernetes.controllerManager.kubeconfig.keyFileKubernetes controller manager client key file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
|
services.kubernetes.controllerManager.kubeconfig.serverKubernetes controller manager kube-apiserver server address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
|
services.kubernetes.controllerManager.leaderElectWhether to start leader election before executing main loop.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
|
services.kubernetes.controllerManager.rootCaFileKubernetes controller manager certificate authority file included in service account's token secret.
Type: null or path
Default: config.services.kubernetes.caFile
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
|
services.kubernetes.controllerManager.securePortKubernetes controller manager secure listening port.
Type: signed integer
Default: 10252
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
|
services.kubernetes.controllerManager.serviceAccountKeyFileKubernetes controller manager PEM-encoded private RSA key file used to sign service account tokens
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
|
services.kubernetes.controllerManager.tlsCertFileKubernetes controller-manager certificate file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
|
services.kubernetes.controllerManager.tlsKeyFileKubernetes controller-manager private key file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
|
services.kubernetes.controllerManager.verbosityOptional glog verbosity level for logging statements. See https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/controller-manager.nix>
|
services.kubernetes.dataDirKubernetes root directory for managing kubelet files.
Type: path
Default: "/var/lib/kubernetes"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.easyCertsAutomatically setup x509 certificates and keys for the entire cluster.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.featureGatesList set of feature gates.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.flannel.enableWhether to enable flannel networking.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/flannel.nix>
|
services.kubernetes.kubeconfig.caFileDefault kubeconfig certificate authority file used to connect to kube-apiserver.
Type: null or path
Default: config.services.kubernetes.caFile
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubeconfig.certFileDefault kubeconfig client certificate file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubeconfig.keyFileDefault kubeconfig client key file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubeconfig.serverDefault kubeconfig kube-apiserver server address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.kubelet.enableWhether to enable Kubernetes kubelet..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.addressKubernetes kubelet info server listening address.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.clientCaFileKubernetes apiserver CA file for client authentication.
Type: null or path
Default: config.services.kubernetes.caFile
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.clusterDnsUse alternative DNS.
Type: string
Default: "10.1.0.1"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.clusterDomainUse alternative domain.
Type: string
Default: config.services.kubernetes.addons.dns.clusterDomain
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.cni.packagesList of network plugin packages to install.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.cni.configKubernetes CNI configuration.
Type: list of (attribute set)
Default: [ ]
Example:
[{
"cniVersion": "0.3.1",
"name": "mynet",
"type": "bridge",
"bridge": "cni0",
"isGateway": true,
"ipMasq": true,
"ipam": {
"type": "host-local",
"subnet": "10.22.0.0/16",
"routes": [
{ "dst": "0.0.0.0/0" }
]
}
} {
"cniVersion": "0.3.1",
"type": "loopback"
}]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.cni.configDirPath to Kubernetes CNI configuration directory.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.containerRuntimeWhich container runtime type to use
Type: one of "docker", "remote"
Default: "remote"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.containerRuntimeEndpointEndpoint at which to find the container runtime api interface/socket
Type: string
Default: "unix:///run/containerd/containerd.sock"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.extraOptsKubernetes kubelet extra command line options.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.featureGatesList set of feature gates
Type: list of string
Default: config.services.kubernetes.featureGates
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.healthz.bindKubernetes kubelet healthz listening address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.healthz.portKubernetes kubelet healthz port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 10248
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.hostnameKubernetes kubelet hostname override.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.kubeconfig.caFileKubelet certificate authority file used to connect to kube-apiserver.
Type: null or path
Default: config.services.kubernetes.caFile
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.kubeconfig.certFileKubelet client certificate file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.kubeconfig.keyFileKubelet client key file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.kubeconfig.serverKubelet kube-apiserver server address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.manifestsList of manifests to bootstrap with kubelet (only pods can be created as manifest entry)
Type: attribute set of (attribute set)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.nodeIpIP address of the node. If set, kubelet will use this IP address for the node.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.portKubernetes kubelet info server listening port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 10250
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.registerNodeWhether to auto register kubelet with API server.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.seedDockerImagesList of docker images to preload on system
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.taintsNode taints (https://kubernetes.io/docs/concepts/configuration/assign-pod-node/).
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.taints.<name>.effectEffect of taint.
Type: one of "NoSchedule", "PreferNoSchedule", "NoExecute"
Example: "NoSchedule"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.taints.<name>.keyKey of taint.
Type: string
Default: Name of this submodule.
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.taints.<name>.valueValue of taint.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.tlsCertFileFile containing x509 Certificate for HTTPS.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.tlsKeyFileFile containing x509 private key matching tlsCertFile.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.unschedulableWhether to set node taint to unschedulable=true as it is the case of node that has only master role.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.kubelet.verbosityOptional glog verbosity level for logging statements. See https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/kubelet.nix>
|
services.kubernetes.libCommon functions for the kubernetes modules.
Type: attribute set
Default:
{
mkCert = <function, args: {CN, action?, fields?, hosts?, name, privateKeyOwner?}>;
mkKubeConfig = <function>;
mkKubeConfigOptions = <function>;
}Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.masterAddressClusterwide available network address or hostname for the kubernetes master server.
Type: string
Example: "master.example.com"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.pathPackages added to the services' PATH environment variable. Both the bin and sbin subdirectories of each package are added.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.pki.enableWhether to enable easyCert issuer service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
|
services.kubernetes.pki.caCertPathPrefixPath-prefrix for the CA-certificate to be used for cfssl signing. Suffixes ".pem" and "-key.pem" will be automatically appended for the public and private keys respectively.
Type: string
Default: "${config.services.cfssl.dataDir}/ca"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
|
services.kubernetes.pki.caSpecCertificate specification for the auto-generated CAcert.
Type: attribute set
Default:
{
CN = "kubernetes-cluster-ca";
L = "auto-generated";
O = "NixOS";
OU = "services.kubernetes.pki.caSpec";
}Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
|
services.kubernetes.pki.certsList of certificate specs to feed to cert generator.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
|
services.kubernetes.pki.cfsslAPIExtraSANsExtra x509 Subject Alternative Names to be added to the cfssl API webserver TLS cert.
Type: list of string
Default: [ ]
Example:
[ "subdomain.example.com" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
|
services.kubernetes.pki.etcClusterAdminKubeconfigSymlink a kubeconfig with cluster-admin privileges to environment path (/etc/<path>).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
|
services.kubernetes.pki.genCfsslAPICertsWhether to automatically generate cfssl API webserver TLS cert and key, if they don't exist.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
|
services.kubernetes.pki.genCfsslAPITokenWhether to automatically generate cfssl API-token secret, if they doesn't exist.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
|
services.kubernetes.pki.genCfsslCACertWhether to automatically generate cfssl CA certificate and key, if they don't exist.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
|
services.kubernetes.pki.pkiTrustOnBootstrapWhether to always trust remote cfssl server upon initial PKI bootstrap.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/pki.nix>
|
services.kubernetes.proxy.enableWhether to enable Kubernetes proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
|
services.kubernetes.proxy.bindAddressKubernetes proxy listening address.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
|
services.kubernetes.proxy.extraOptsKubernetes proxy extra command line options.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
|
services.kubernetes.proxy.featureGatesList set of feature gates
Type: list of string
Default: config.services.kubernetes.featureGates
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
|
services.kubernetes.proxy.hostnameKubernetes proxy hostname override.
Type: string
Default: config.networking.hostName
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
|
services.kubernetes.proxy.kubeconfig.caFileKubernetes proxy certificate authority file used to connect to kube-apiserver.
Type: null or path
Default: config.services.kubernetes.caFile
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
|
services.kubernetes.proxy.kubeconfig.certFileKubernetes proxy client certificate file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
|
services.kubernetes.proxy.kubeconfig.keyFileKubernetes proxy client key file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
|
services.kubernetes.proxy.kubeconfig.serverKubernetes proxy kube-apiserver server address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
|
services.kubernetes.proxy.verbosityOptional glog verbosity level for logging statements. See https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/proxy.nix>
|
services.kubernetes.rolesKubernetes role that this machine should take.
Master role will enable etcd, apiserver, scheduler, controller manager addon manager, flannel and proxy services. Node role will enable flannel, docker, kubelet and proxy services.
Type: list of (one of "master", "node")
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubernetes.scheduler.enableWhether to enable Kubernetes scheduler.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
|
services.kubernetes.scheduler.addressKubernetes scheduler listening address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
|
services.kubernetes.scheduler.extraOptsKubernetes scheduler extra command line options.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
|
services.kubernetes.scheduler.featureGatesList set of feature gates
Type: list of string
Default: config.services.kubernetes.featureGates
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
|
services.kubernetes.scheduler.kubeconfig.caFileKubernetes scheduler certificate authority file used to connect to kube-apiserver.
Type: null or path
Default: config.services.kubernetes.caFile
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
|
services.kubernetes.scheduler.kubeconfig.certFileKubernetes scheduler client certificate file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
|
services.kubernetes.scheduler.kubeconfig.keyFileKubernetes scheduler client key file used to connect to kube-apiserver.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
|
services.kubernetes.scheduler.kubeconfig.serverKubernetes scheduler kube-apiserver server address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
|
services.kubernetes.scheduler.leaderElectWhether to start leader election before executing main loop.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
|
services.kubernetes.scheduler.portKubernetes scheduler listening port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 10251
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
|
services.kubernetes.scheduler.verbosityOptional glog verbosity level for logging statements. See https://github.com/kubernetes/community/blob/master/contributors/devel/logging.md
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/scheduler.nix>
|
services.kubernetes.secretsPathDefault location for kubernetes secrets. Not a store location.
Type: path
Default:
config.services.kubernetes.dataDir + "/secrets"
Declared by:
<nixpkgs/nixos/modules/services/cluster/kubernetes/default.nix>
|
services.kubo.enableWhether to enable Interplanetary File System (WARNING: may cause severe network degradation).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.enableGCWhether to enable automatic garbage collection
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.packageWhich Kubo package to use.
Type: package
Default: pkgs.kubo
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.autoMigrateWhether Kubo should try to run the fs-repo-migration at startup.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.autoMountWhether Kubo should try to mount /ipfs and /ipns at startup.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.dataDirThe data dir for Kubo
Type: string
Default:
if versionAtLeast config.system.stateVersion "17.09" then "/var/lib/ipfs" else "/var/lib/ipfs/.ipfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.defaultModesystemd service that is enabled by default
Type: one of "online", "offline", "norouting"
Default: "online"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.emptyRepoIf set to true, the repo won't be initialized with help files
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.extraFlagsExtra flags passed to the Kubo daemon
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.groupGroup under which the Kubo daemon runs
Type: string
Default: "ipfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.ipfsMountDirWhere to mount the IPFS namespace to
Type: string
Default: "/ipfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.ipnsMountDirWhere to mount the IPNS namespace to
Type: string
Default: "/ipns"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.localDiscoveryWhether to enable local discovery for the Kubo daemon. This will allow Kubo to scan ports on your local network. Some hosting services will ban you if you do this.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.serviceFdlimitThe fdlimit for the Kubo systemd unit or null to have the daemon attempt to manage it
Type: null or signed integer
Default: null
Example: 65536
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.settingsAttrset of daemon configuration to set using ipfs config, every time the daemon starts. See https://github.com/ipfs/kubo/blob/master/docs/config.md for reference. Keep in mind that this configuration is stateful; i.e., unsetting anything in here does not reset the value to the default!
Type: JSON value
Default: { }
Example:
{
Bootstrap = [
"/ip4/128.199.219.111/tcp/4001/ipfs/QmSoLSafTMBsPKadTEgaXctDQVcqN88CNLHXMkTNwMKPnu"
"/ip4/162.243.248.213/tcp/4001/ipfs/QmSoLueR4xBeUbY9WZ9xGUUxunbKWcrNFTDAadQJmocnWm"
];
Datastore = {
StorageMax = "100GB";
};
Discovery = {
MDNS = {
Enabled = false;
};
};
Swarm = {
AddrFilters = null;
};
}Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.settings.Addresses.APIWhere Kubo exposes its API to
Type: string
Default: "/ip4/127.0.0.1/tcp/5001"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.settings.Addresses.GatewayWhere the IPFS Gateway can be reached
Type: string
Default: "/ip4/127.0.0.1/tcp/8080"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.settings.Addresses.SwarmWhere Kubo listens for incoming p2p connections
Type: list of string
Default:
[ "/ip4/0.0.0.0/tcp/4001" "/ip6/::/tcp/4001" "/ip4/0.0.0.0/udp/4001/quic" "/ip6/::/udp/4001/quic" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.startWhenNeededWhether to use socket activation to start Kubo when needed.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.kubo.userUser under which the Kubo daemon runs
Type: string
Default: "ipfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/kubo.nix>
|
services.lambdabot.enableEnable the Lambdabot IRC bot
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/lambdabot.nix>
|
services.lambdabot.packageUsed lambdabot package
Type: package
Default: pkgs.lambdabot
Declared by:
<nixpkgs/nixos/modules/services/networking/lambdabot.nix>
|
services.lambdabot.scriptLambdabot script
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/lambdabot.nix>
|
services.languagetool.enableWhether to enable the LanguageTool server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/languagetool.nix>
|
services.languagetool.allowOriginSet the Access-Control-Allow-Origin header in the HTTP response,
used for direct (non-proxy) JavaScript-based access from browsers.
null to allow access from all sites.
Type: null or string
Default: null
Example: "https://my-website.org"
Declared by:
<nixpkgs/nixos/modules/services/misc/languagetool.nix>
|
services.languagetool.portPort on which LanguageTool listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8081
Example: 8081
Declared by:
<nixpkgs/nixos/modules/services/misc/languagetool.nix>
|
services.languagetool.publicWhether to enable access from anywhere (rather than just localhost).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/languagetool.nix>
|
services.languagetool.settingsConfiguration file options for LanguageTool, see 'languagetool-http-server --help' for supported settings.
Type: attribute set of (string, package, bool, int or float)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/languagetool.nix>
|
services.languagetool.settings.cacheSizeNumber of sentences cached.
Type: unsigned integer, meaning >=0
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/misc/languagetool.nix>
|
services.leaps.enableWhether to enable leaps.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/leaps.nix>
|
services.leaps.addressHostname or IP-address to listen to. By default it will listen on all interfaces.
Type: string
Default: ""
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/leaps.nix>
|
services.leaps.pathSubdirectory used for reverse proxy setups
Type: path
Default: "/"
Declared by:
<nixpkgs/nixos/modules/services/misc/leaps.nix>
|
services.leaps.portA port where leaps listens for incoming http requests
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/misc/leaps.nix>
|
services.lemmy.enableWhether to enable lemmy a federated alternative to reddit in rust.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
|
services.lemmy.caddy.enableWhether to enable exposing lemmy with the caddy reverse proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
|
services.lemmy.database.createLocallyWhether to enable creation of database on the instance.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
|
services.lemmy.settingsLemmy configuration
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
|
services.lemmy.settings.captcha.enabledEnable Captcha.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
|
services.lemmy.settings.captcha.difficultyThe difficultly of the captcha to solve.
Type: one of "easy", "medium", "hard"
Default: "medium"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
|
services.lemmy.settings.federation.enabledWhether to enable activitypub federation.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
|
services.lemmy.settings.hostnameThe domain name of your instance (eg 'lemmy.ml').
Type: string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
|
services.lemmy.settings.portPort where lemmy should listen for incoming requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8536
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
|
services.lemmy.ui.portPort where lemmy-ui should listen for incoming requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1234
Declared by:
<nixpkgs/nixos/modules/services/web-apps/lemmy.nix>
|
services.libreddit.enableWhether to enable Private front-end for Reddit.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/libreddit.nix>
|
services.libreddit.packageLibreddit package to use.
Type: package
Default: pkgs.libreddit
Declared by:
<nixpkgs/nixos/modules/services/misc/libreddit.nix>
|
services.libreddit.addressThe address to listen on
Type: string
Default: "0.0.0.0"
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/libreddit.nix>
|
services.libreddit.openFirewallOpen ports in the firewall for the libreddit web interface
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/libreddit.nix>
|
services.libreddit.portThe port to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Example: 8000
Declared by:
<nixpkgs/nixos/modules/services/misc/libreddit.nix>
|
services.libreswan.enableWhether to enable Libreswan IPsec service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/libreswan.nix>
|
services.libreswan.configSetupOptions to go in the 'config setup' section of the Libreswan IPsec configuration
Type: strings concatenated with "\n"
Default:
'' protostack=netkey virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10 ''
Example:
'' secretsfile=/root/ipsec.secrets protostack=netkey virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/libreswan.nix>
|
services.libreswan.connectionsA set of connections to define for the Libreswan IPsec service
Type: attribute set of strings concatenated with "\n"
Default: { }
Example:
{ myconnection = ''
auto=add
left=%defaultroute
leftid=@user
right=my.vpn.com
ikev2=no
ikelifetime=8h
'';
}
Declared by:
<nixpkgs/nixos/modules/services/networking/libreswan.nix>
|
services.libreswan.disableRedirectsWhether to disable send and accept redirects for all network interfaces. See the Libreswan FAQ page for why this is recommended.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/libreswan.nix>
|
services.libreswan.policiesA set of policies to apply to the IPsec connections.
The policy name must match the one of connection it needs to apply to.
Type: attribute set of strings concatenated with "\n"
Default: { }
Example:
{ private-or-clear = ''
# Attempt opportunistic IPsec for the entire Internet
0.0.0.0/0
::/0
'';
}
Declared by:
<nixpkgs/nixos/modules/services/networking/libreswan.nix>
|
services.lidarr.enableWhether to enable Lidarr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/lidarr.nix>
|
services.lidarr.packageThe Lidarr package to use
Type: package
Default: pkgs.lidarr
Declared by:
<nixpkgs/nixos/modules/services/misc/lidarr.nix>
|
services.lidarr.dataDirThe directory where Lidarr stores its data files.
Type: string
Default: "/var/lib/lidarr/.config/Lidarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/lidarr.nix>
|
services.lidarr.groupGroup under which Lidarr runs.
Type: string
Default: "lidarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/lidarr.nix>
|
services.lidarr.openFirewallOpen ports in the firewall for Lidarr
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/lidarr.nix>
|
services.lidarr.userUser account under which Lidarr runs.
Type: string
Default: "lidarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/lidarr.nix>
|
services.lifecycled.enableWhether to enable lifecycled.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
|
services.lifecycled.awsRegionThe region used for accessing AWS services.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
|
services.lifecycled.cloudwatchGroupWrite logs to a specific Cloudwatch Logs group.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
|
services.lifecycled.cloudwatchStreamWrite logs to a specific Cloudwatch Logs stream. Defaults to the instance ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
|
services.lifecycled.debugEnable debugging information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
|
services.lifecycled.handlerThe script to invoke to handle events.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
|
services.lifecycled.instanceIdThe instance ID to listen for events for.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
|
services.lifecycled.jsonEnable JSON logging.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
|
services.lifecycled.noSpotDisable the spot termination listener.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
|
services.lifecycled.queueCleaner.enableWhether to enable lifecycled-queue-cleaner.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
|
services.lifecycled.queueCleaner.frequencyHow often to trigger the queue cleaner.
NOTE: This string should be a valid value for a systemd
timer's OnCalendar configuration. See
systemd.timer(5)
for more information.
Type: string
Default: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
|
services.lifecycled.queueCleaner.parallelThe number of parallel deletes to run.
Type: unsigned integer, meaning >=0
Default: 20
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
|
services.lifecycled.snsTopicThe SNS topic that receives events.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/lifecycled.nix>
|
services.lighthouse.beaconBeacon node
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.beacon.enableWhether to enable Lightouse Beacon node.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.beacon.addressListen address of Beacon node.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.beacon.dataDirDirectory where data will be stored. Each chain will be stored under it's own specific subdirectory.
Type: string
Default: "/var/lib/lighthouse-beacon"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.beacon.disableDepositContractSyncExplicitly disables syncing of deposit logs from the execution node. This overrides any previous option that depends on it. Useful if you intend to run a non-validating beacon node.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.beacon.execution.addressListen address for the execution layer.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.beacon.execution.jwtPathPath for the jwt secret required to connect to the execution layer.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.beacon.execution.portPort number the Beacon node will be listening on for the execution layer.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8551
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.beacon.extraArgsAdditional arguments passed to the lighthouse beacon command.
Type: string
Default: ""
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.beacon.http.enableWhether to enable Beacon node http api.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.beacon.http.addressListen address of Beacon node RPC service.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.beacon.http.portPort number of Beacon node RPC service.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5052
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.beacon.metrics.enableWhether to enable Beacon node prometheus metrics.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.beacon.metrics.addressListen address of Beacon node metrics service.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.beacon.metrics.portPort number of Beacon node metrics service.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5054
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.beacon.openFirewallOpen the port in the firewall
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.beacon.portPort number the Beacon node will be listening on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9000
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.extraArgsAdditional arguments passed to every lighthouse command.
Type: string
Default: ""
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.networkThe network to connect to. Mainnet is the default ethereum network.
Type: one of "mainnet", "prater", "goerli", "gnosis", "kiln", "ropsten", "sepolia"
Default: "mainnet"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.validatorValidator node
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.validator.enableEnable Lightouse Validator node.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.validator.beaconNodesBeacon nodes to connect to.
Type: list of string
Default:
[ "http://localhost:5052" ]
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.validator.dataDirDirectory where data will be stored. Each chain will be stored under it's own specific subdirectory.
Type: string
Default: "/var/lib/lighthouse-validator"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.validator.extraArgsAdditional arguments passed to the lighthouse validator command.
Type: string
Default: ""
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.validator.metrics.enableWhether to enable Validator node prometheus metrics.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.validator.metrics.addressListen address of Validator node metrics service.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighthouse.validator.metrics.portPort number of Validator node metrics service.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5056
Declared by:
<nixpkgs/nixos/modules/services/blockchain/ethereum/lighthouse.nix>
|
services.lighttpd.enableEnable the lighttpd web server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.enableModulesList of lighttpd modules to enable. Sub-services take care of
enabling modules as needed, so this option is mainly for when you
want to add custom stuff to
services.lighttpd.extraConfig that depends on a
certain module.
Type: list of string
Default: [ ]
Example:
[ "mod_cgi" "mod_status" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.enableUpstreamMimeTypesWhether to include the list of mime types bundled with lighttpd
(upstream). If you disable this, no mime types will be added by
NixOS and you will have to add your own mime types in
services.lighttpd.extraConfig.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.packagelighttpd package to use.
Type: package
Default: pkgs.lighttpd
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.cgit.enableIf true, enable cgit (fast web interface for git repositories) as a sub-service in lighttpd.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix>
|
services.lighttpd.cgit.configTextVerbatim contents of the cgit runtime configuration file. Documentation (with cgitrc example file) is available in "man cgitrc". Or online: http://git.zx2c4.com/cgit/tree/cgitrc.5.txt
Type: strings concatenated with "\n"
Default: ""
Example:
''
source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
cache-size=1000
scan-path=/srv/git
''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix>
|
services.lighttpd.cgit.subdirThe subdirectory in which to serve cgit. The web application will be accessible at http://yourserver/${subdir}
Type: string
Default: "cgit"
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/cgit.nix>
|
services.lighttpd.collectd.enableWhether to enable collectd subservice accessible at http://yourserver/collectd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/collectd.nix>
|
services.lighttpd.collectd.collectionCgiPath to collection.cgi script from (collectd sources)/contrib/collection.cgi This option allows to use a customized version
Type: path
Default: config.services.collectd.package configured for lighttpd
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/collectd.nix>
|
services.lighttpd.configTextOverridable config file contents to use for lighttpd. By default, use the contents automatically generated by NixOS.
Type: strings concatenated with "\n"
Default: ""
Example: "...verbatim config file contents..."
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.document-rootDocument-root of the web server. Must be readable by the "lighttpd" user.
Type: path
Default: "/srv/www"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.extraConfigThese configuration lines will be appended to the generated lighttpd
config file. Note that this mechanism does not work when the manual
configText option is used.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.gitweb.enableIf true, enable gitweb in lighttpd. Access it at http://yourserver/gitweb
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/gitweb.nix>
|
services.lighttpd.mod_statusShow server status overview at /server-status, statistics at /server-statistics and list of loaded modules at /server-config.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.mod_userdirIf true, requests in the form /~user/page.html are rewritten to take the file public_html/page.html from the home directory of the user.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.lighttpd.portTCP port number for lighttpd to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/web-servers/lighttpd/default.nix>
|
services.limesurvey.enableWhether to enable Limesurvey web application..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.configLimeSurvey configuration. Refer to https://manual.limesurvey.org/Optional_settings for details on supported values.
Type: limesurvey config type (str, int, bool or attribute set thereof)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.database.createLocallyCreate the database and database user locally. This currently only applies if database type "mysql" is selected.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.database.hostDatabase host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.database.nameDatabase name.
Type: string
Default: "limesurvey"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.database.passwordFileA file containing the password corresponding to
database.user.
Type: null or path
Default: null
Example: "/run/keys/limesurvey-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.database.portDatabase host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.database.socketPath to the unix socket file to use for authentication.
Type: null or path
Default: /run/mysqld/mysqld.sock
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.database.typeDatabase engine to use.
Type: one of "mysql", "pgsql", "odbc", "mssql"
Default: "mysql"
Example: "pgsql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.database.userDatabase user.
Type: string
Default: "limesurvey"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.poolConfigOptions for the LimeSurvey PHP pool. See the documentation on php-fpm.conf
for details on configuration directives.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.max_spare_servers" = 4;
"pm.min_spare_servers" = 2;
"pm.start_servers" = 2;
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHostApache configuration can be done by adapting services.httpd.virtualHosts.<name>.
See services.httpd.virtualHosts for further information.
Type: submodule
Example:
{
hostName = "survey.example.org";
adminAddr = "webmaster@example.org";
forceSSL = true;
enableACME = true;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.enableACMEWhether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.enableUserDirWhether to enable serving ~/public_html as
/~«username».
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.acmeRootDirectory for the acme challenge which is PUBLIC, don't put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.addSSLWhether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.adminAddrE-mail address of the server administrator.
Type: null or string
Default: null
Example: "admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.documentRootThe path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.extraConfigThese lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Type: strings concatenated with "\n"
Default: ""
Example:
''
<Directory /home>
Options FollowSymlinks
AllowOverride All
</Directory>
''Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.forceSSLWhether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.globalRedirectIf set, all requests for this host are redirected permanently to the given URL.
Type: null or string
Default: null
Example: "http://newserver.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.hostNameCanonical hostname for the server.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.http2Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. However, if you use the prefork mpm, there will be severe restrictions. Refer to https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.listenListen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL.
If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of (submodule)
Default: [ ]
Example:
[
{
ip = "195.154.1.1";
port = 443;
ssl = true;
}
{
ip = "192.154.1.1";
port = 80;
}
{
ip = "*";
port = 8080;
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.listen.*.ipIP to listen on. 0.0.0.0 for IPv4 only, * for all.
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.listen.*.portPort to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.listen.*.sslWhether to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.listenAddressesListen addresses for this virtual host.
Compared to listen this only sets the addresses
and the ports are chosen automatically.
Type: non-empty (list of string)
Default:
[ "*" ]
Example:
[ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.locationsDeclarative location config. See https://httpd.apache.org/docs/2.4/mod/core.html#location for details.
Type: attribute set of (submodule)
Default: { }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
"/foo/bar.png" = {
alias = "/home/eelco/some-file.png";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.locations.<name>.aliasAlias directory for requests. See https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.locations.<name>.extraConfigThese lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.locations.<name>.indexAdds DirectoryIndex directive. See https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.locations.<name>.priorityOrder of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have
a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.locations.<name>.proxyPassSets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.logFormatLog format for Apache's log files. Possible values are: combined, common, referer, agent.
Type: string
Default: "common"
Example: "combined"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.onlySSLWhether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.robotsEntriesSpecification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.
Type: strings concatenated with "\n"
Default: ""
Example: "Disallow: /foo/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.servedDirsThis option provides a simple way to serve static directories.
Type: list of (attribute set)
Default: [ ]
Example:
[
{
dir = "/home/eelco/Dev/nix-homepage";
urlPath = "/nix";
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.servedFilesThis option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS. You can achieve the same result by making use of
the locations.<name>.alias option.
Type: list of (attribute set)
Default: [ ]
Example:
[
{
file = "/home/eelco/some-file.png";
urlPath = "/foo/bar.png";
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default: [ ]
Example:
[ "www.example.org" "www.example.org:8080" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.sslServerCertPath to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.sslServerChainPath to server SSL chain file.
Type: null or path
Default: null
Example: "/var/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.sslServerKeyPath to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.limesurvey.virtualHost.useACMEHostA host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/limesurvey.nix>
|
services.liquidsoap.streamsSet of Liquidsoap streams to start, one systemd service per stream.
Type: attribute set of (path or string)
Default: { }
Example:
{
myStream1 = "/etc/liquidsoap/myStream1.liq";
myStream2 = ./myStream2.liq;
myStream3 = "out(playlist(\"/srv/music/\"))";
}
Declared by:
<nixpkgs/nixos/modules/services/audio/liquidsoap.nix>
|
services.lirc.enableWhether to enable LIRC daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/lirc.nix>
|
services.lirc.configsConfigurations for lircd to load, see man:lircd.conf(5) for details (lircd.conf)
Type: list of strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/hardware/lirc.nix>
|
services.lirc.extraArgumentsExtra arguments to lircd.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/lirc.nix>
|
services.lirc.optionsLIRC default options described in man:lircd(8) (lirc_options.conf)
Type: strings concatenated with "\n"
Example:
'' [lircd] nodaemon = False ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/lirc.nix>
|
services.listmonk.enableWhether to enable Listmonk, this module assumes a reverse proxy to be set.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.listmonk.packageThe listmonk package to use.
Type: package
Default: pkgs.listmonk
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.listmonk.database.createLocallyCreate the PostgreSQL database and database user locally.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.listmonk.database.mutableSettingsDatabase settings will be reset to the value set in this module if this is not enabled. Enable this if you want to persist changes you have done in the application.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.listmonk.database.settingsDynamic settings in the PostgreSQL database, set by a SQL script, see https://github.com/knadh/listmonk/blob/master/schema.sql#L177-L230 for details.
Type: null or ((list of string) or list of attribute set of anything or string or signed integer or boolean)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.listmonk.database.settings."app.notify_emails"Administrator emails for system notifications
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.listmonk.database.settings."bounce.mailboxes"List of bounce mailboxes
Type: list of (string or signed integer or boolean)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.listmonk.database.settings.messengersList of messengers, see: https://github.com/knadh/listmonk/blob/master/models/settings.go#L64-L74 for options.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.listmonk.database.settings."privacy.domain_blocklist"E-mail addresses with these domains are disallowed from subscribing.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.listmonk.database.settings."privacy.exportable"List of fields which can be exported through an automatic export request
Type: list of string
Default:
[ "profile" "subscriptions" "campaign_views" "link_clicks" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.listmonk.database.settings.smtpList of outgoing SMTP servers
Type: list of (attribute set of (string or signed integer or boolean))
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.listmonk.database.settings.smtp.*.enabledWhether to enable this SMTP server for listmonk.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.listmonk.database.settings.smtp.*.hostHostname for the SMTP server
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.listmonk.database.settings.smtp.*.max_connsMaximum number of simultaneous connections, defaults to 1
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.listmonk.database.settings.smtp.*.portPort for the SMTP server
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.listmonk.database.settings.smtp.*.tls_typeType of TLS authentication with the SMTP server
Type: one of "none", "STARTTLS", "TLS"
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.listmonk.secretFileA file containing secrets as environment variables. See https://listmonk.app/docs/configuration/#environment-variables for details on supported values.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.listmonk.settingsStatic settings set in the config.toml, see https://github.com/knadh/listmonk/blob/master/config.toml.sample for details. You can set secrets using the secretFile option with environment variables following https://listmonk.app/docs/configuration/#environment-variables.
Type: TOML value
Declared by:
<nixpkgs/nixos/modules/services/mail/listmonk.nix>
|
services.litestream.enableWhether to enable litestream.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/litestream/default.nix>
|
services.litestream.packagePackage to use.
Type: package
Default: pkgs.litestream
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/litestream/default.nix>
|
services.litestream.environmentFileEnvironment file as defined in systemd.exec(5).
Secrets may be passed to the service without adding them to the world-readable Nix store, by specifying placeholder variables as the option value in Nix and setting these variables accordingly in the environment file.
By default, Litestream will perform environment variable expansion within the config file before reading it. Any references to $VAR or ${VAR} formatted variables will be replaced with their environment variable values. If no value is set then it will be replaced with an empty string.
# Content of the environment file LITESTREAM_ACCESS_KEY_ID=AKIAxxxxxxxxxxxxxxxx LITESTREAM_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxx
Note that this file needs to be available on the host on which this exporter is running.
Type: null or path
Default: null
Example: "/run/secrets/litestream"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/litestream/default.nix>
|
services.litestream.settingsSee the documentation.
Type: YAML value
Example:
{
dbs = [
{
path = "/var/lib/db1";
replicas = [
{
url = "s3://mybkt.litestream.io/db1";
}
];
}
];
}Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/litestream/default.nix>
|
services.lldpd.enableWhether to enable Link Layer Discovery Protocol Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/lldpd.nix>
|
services.lldpd.extraArgsList of command line parameters for lldpd
Type: list of string
Default: [ ]
Example:
[ "-c" "-k" "-I eth0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/lldpd.nix>
|
services.localtimed.enableEnable localtimed, a simple daemon for keeping the
system timezone up-to-date based on the current location. It uses
geoclue2 to determine the current location.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/localtimed.nix>
|
services.locate.enableIf enabled, NixOS will periodically update the database of files used by the locate command.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.extraFlagsExtra flags to pass to updatedb.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.intervalUpdate the locate database at this interval. Updates by default at 2:15 AM every day.
The format is described in systemd.time(7).
To disable automatic updates, set to "never"
and run updatedb manually.
Type: string
Default: "02:15"
Example: "hourly"
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.localuserThe user to search non-network directories as, using su.
Type: null or string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.locateThe locate implementation to use
Type: package
Default: pkgs.findutils
Example: pkgs.mlocate
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.outputThe database file to build.
Type: path
Default: "/var/cache/locatedb"
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.pruneBindMountsWhether not to index bind mounts
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.pruneFSWhich filesystem types to exclude from indexing
Type: list of string
Default:
[ "afs" "anon_inodefs" "auto" "autofs" "bdev" "binfmt" "binfmt_misc" "ceph" "cgroup" "cgroup2" "cifs" "coda" "configfs" "cramfs" "cpuset" "curlftpfs" "debugfs" "devfs" "devpts" "devtmpfs" "ecryptfs" "eventpollfs" "exofs" "futexfs" "ftpfs" "fuse" "fusectl" "fusesmb" "fuse.ceph" "fuse.glusterfs" "fuse.gvfsd-fuse" "fuse.mfs" "fuse.rclone" "fuse.rozofs" "fuse.sshfs" "gfs" "gfs2" "hostfs" "hugetlbfs" "inotifyfs" "iso9660" "jffs2" "lustre" "lustre_lite" "misc" "mfs" "mqueue" "ncpfs" "nfs" "NFS" "nfs4" "nfsd" "nnpfs" "ocfs" "ocfs2" "pipefs" "proc" "ramfs" "rpc_pipefs" "securityfs" "selinuxfs" "sfs" "shfs" "smbfs" "sockfs" "spufs" "sshfs" "subfs" "supermount" "sysfs" "tmpfs" "tracefs" "ubifs" "udev" "udf" "usbfs" "vboxsf" "vperfctrfs" ]
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.pruneNamesDirectory components which should exclude paths containing them from indexing
Type: list of string
Default: [ ".bzr" ".cache" ".git" ".hg" ".svn" ], if
supported by the locate implementation (i.e. mlocate or plocate).
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.locate.prunePathsWhich paths to exclude from indexing
Type: list of path
Default:
[ "/tmp" "/var/tmp" "/var/cache" "/var/lock" "/var/run" "/var/spool" "/nix/store" "/nix/var/log/nix" ]
Declared by:
<nixpkgs/nixos/modules/misc/locate.nix>
|
services.logcheck.enableWhether to enable logcheck cron job.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.configConfig options that you would like in logcheck.conf.
Type: strings concatenated with "\n"
Default: "FQDN=1"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.extraGroupsExtra groups for the logcheck user, for example to be able to use sendmail, or to access certain log files.
Type: list of string
Default: [ ]
Example:
[ "postdrop" "mongodb" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.extraRulesDirsDirectories with extra rules.
Type: list of path
Default: [ ]
Example:
[ "/etc/logcheck" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.filesWhich log files to check.
Type: list of path
Default:
[ "/var/log/messages" ]
Example:
[ "/var/log/messages" "/var/log/mail" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.ignoreThis option defines extra ignore rules.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.ignore.<name>.levelSet the logcheck level.
Type: one of "workstation", "server", "paranoid"
Default: "server"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.ignore.<name>.regexRegex specifying which log lines to ignore.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.ignoreCronThis option defines extra ignore rules for cronjobs.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.ignoreCron.<name>.cmdlineCommand line for the cron job. Will be turned into a regex for the logcheck ignore rule.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.ignoreCron.<name>.timeArgs"min hr dom mon dow" crontab time args, to auto-create a cronjob too. Leave at null to not do this and just add a logcheck ignore rule.
Type: null or string
Default: null
Example: "02 06 * * *"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.ignoreCron.<name>.userUser that runs the cronjob.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.levelSet the logcheck level. Either "workstation", "server", or "paranoid".
Type: string
Default: "server"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.mailToEmail address to send reports to.
Type: string
Default: "root"
Example: "you@domain.com"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.timeOfDayTime of day to run logcheck. A logcheck will be scheduled at xx:02 each day. Leave default (*) to run every hour. Of course when nothing special was logged, logcheck will be silent.
Type: string
Default: "*"
Example: "6"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logcheck.userUsername for the logcheck user.
Type: string
Default: "logcheck"
Declared by:
<nixpkgs/nixos/modules/services/logging/logcheck.nix>
|
services.logind.extraConfigExtra config options for systemd-logind. See logind.conf(5) for available options.
Type: strings concatenated with "\n"
Default: ""
Example: "IdleAction=lock"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/logind.nix>
|
services.logind.killUserProcessesSpecifies whether the processes of a user should be killed when the user logs out. If true, the scope unit corresponding to the session and all processes inside that scope will be terminated. If false, the scope is "abandoned" (see systemd.scope(5)), and processes are not killed.
See logind.conf(5) for more details.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/logind.nix>
|
services.logind.lidSwitchSpecifies what to be done when the laptop lid is closed.
Type: one of "ignore", "poweroff", "reboot", "halt", "kexec", "suspend", "hibernate", "hybrid-sleep", "suspend-then-hibernate", "lock"
Default: "suspend"
Example: "ignore"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/logind.nix>
|
services.logind.lidSwitchDockedSpecifies what to be done when the laptop lid is closed and another screen is added.
Type: one of "ignore", "poweroff", "reboot", "halt", "kexec", "suspend", "hibernate", "hybrid-sleep", "suspend-then-hibernate", "lock"
Default: "ignore"
Example: "suspend"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/logind.nix>
|
services.logind.lidSwitchExternalPowerSpecifies what to do when the laptop lid is closed and the system is on external power. By default use the same action as specified in services.logind.lidSwitch.
Type: one of "ignore", "poweroff", "reboot", "halt", "kexec", "suspend", "hibernate", "hybrid-sleep", "suspend-then-hibernate", "lock"
Default: services.logind.lidSwitch
Example: "ignore"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/logind.nix>
|
services.logkeys.enableWhether to enable logkeys service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/logkeys.nix>
|
services.logkeys.deviceUse the given device as keyboard input event device instead of /dev/input/eventX default.
Type: null or string
Default: null
Example: "/dev/input/event15"
Declared by:
<nixpkgs/nixos/modules/services/misc/logkeys.nix>
|
services.logmein-hamachi.enableWhether to enable LogMeIn Hamachi, a proprietary (closed source) commercial VPN software.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/logmein-hamachi.nix>
|
services.logrotate.enableWhether to enable the logrotate systemd service.
Type: boolean
Default: cfg.settings != {}
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
|
services.logrotate.checkConfigWhether the config should be checked at build time.
Some options are not checkable at build time because of the build sandbox:
for example, the test does not know about existing files and system users are
not known.
These limitations mean we must adjust the file for tests (missingok is forced
and users are replaced by dummy users), so tests are complemented by a
logrotate-checkconf service that is enabled by default.
This extra check can be disabled by disabling it at the systemd level with the
services.systemd.services.logrotate-checkconf.enable option.
Conversely there are still things that might make this check fail incorrectly (e.g. a file path where we don't have access to intermediate directories): in this case you can disable the failing check with this option.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
|
services.logrotate.configFileOverride the configuration file used by MySQL. By default,
NixOS generates one automatically from services.logrotate.settings.
Type: path
Default:
'' A configuration file automatically generated by NixOS. ''
Example:
pkgs.writeText "logrotate.conf" ''
missingok
"/var/log/*.log" {
rotate 4
weekly
}
'';
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
|
services.logrotate.settingslogrotate freeform settings: each attribute here will define its own section, ordered by priority, which can either define files to rotate with their settings or settings common to all further files settings. Refer to https://linux.die.net/man/8/logrotate for details.
Type: attribute set of (attribute set of (null or signed integer or boolean or string))
Default: { }
Example:
{
# global options
header = {
dateext = true;
};
# example custom files
"/var/log/mylog.log" = {
frequency = "daily";
rotate = 3;
};
"multiple paths" = {
files = [
"/var/log/first*.log"
"/var/log/second.log"
];
};
};
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
|
services.logrotate.settings.<name>.enableWhether to enable setting individual kill switch.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
|
services.logrotate.settings.<name>.filesSingle or list of files for which rules are defined. The files are quoted with double-quotes in logrotate configuration, so globs and spaces are supported. Note this setting is ignored if globals is true.
Type: string or list of string
Default:
'' The attrset name if not specified ''
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
|
services.logrotate.settings.<name>.frequencyHow often to rotate the logs. Defaults to previously set global setting, which itself defaults to weekly.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
|
services.logrotate.settings.<name>.globalWhether this setting is a global option or not: set to have these settings apply to all files settings with a higher priority.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
|
services.logrotate.settings.<name>.priorityOrder of this logrotate block in relation to the others. The semantics are
the same as with lib.mkOrder. Smaller values are inserted first.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/logging/logrotate.nix>
|
services.logstash.enableEnable logstash.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.packageLogstash package to use.
Type: package
Default: pkgs.logstash
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.dataDirA path to directory writable by logstash that it uses to store data. Plugins will also have access to this path.
Type: string
Default: "/var/lib/logstash"
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.extraJvmOptionsExtra JVM options, one per line (jvm.options format).
Type: strings concatenated with "\n"
Default: ""
Example:
'' -Xms2g -Xmx2g ''
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.extraSettingsExtra Logstash settings in YAML format.
Type: strings concatenated with "\n"
Default: ""
Example:
''
pipeline:
batch:
size: 125
delay: 5
''Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.filterConfiglogstash filter configuration.
Type: strings concatenated with "\n"
Default: ""
Example:
''
if [type] == "syslog" {
# Keep only relevant systemd fields
# http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html
prune {
whitelist_names => [
"type", "@timestamp", "@version",
"MESSAGE", "PRIORITY", "SYSLOG_FACILITY"
]
}
}
''Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.filterWorkersThe quantity of filter workers to run.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.inputConfigLogstash input configuration.
Type: strings concatenated with "\n"
Default: "generator { }"
Example:
''
# Read from journal
pipe {
command => "${config.systemd.package}/bin/journalctl -f -o json"
type => "syslog" codec => json {}
}
''
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.listenAddressAddress on which to start webserver.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.logLevelLogging verbosity level.
Type: one of "debug", "info", "warn", "error", "fatal"
Default: "warn"
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.outputConfigLogstash output configuration.
Type: strings concatenated with "\n"
Default: "stdout { codec => rubydebug }"
Example:
''
redis { host => ["localhost"] data_type => "list" key => "logstash" codec => json }
elasticsearch { }
''Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.pluginsThe paths to find other logstash plugins in.
Type: list of path
Default: [ ]
Example: [ pkgs.logstash-contrib ]
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.logstash.portPort on which to start webserver.
Type: string
Default: "9292"
Declared by:
<nixpkgs/nixos/modules/services/logging/logstash.nix>
|
services.loki.enableWhether to enable loki.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/loki.nix>
|
services.loki.configFileSpecify a configuration file that Loki should use.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/loki.nix>
|
services.loki.configurationSpecify the configuration for Loki in Nix.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/loki.nix>
|
services.loki.dataDirSpecify the directory for Loki.
Type: path
Default: "/var/lib/loki"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/loki.nix>
|
services.loki.extraFlagsSpecify a list of additional command line flags, which get escaped and are then passed to Loki.
Type: list of string
Default: [ ]
Example:
[ "--server.http-listen-port=3101" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/loki.nix>
|
services.loki.groupGroup under which the Loki service runs.
Type: string
Default: "loki"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/loki.nix>
|
services.loki.userUser under which the Loki service runs.
Type: string
Default: "loki"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/loki.nix>
|
services.lokinet.enableWhether to enable Lokinet daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/lokinet.nix>
|
services.lokinet.packageLokinet package to use.
Type: package
Default: pkgs.lokinet
Declared by:
<nixpkgs/nixos/modules/services/networking/lokinet.nix>
|
services.lokinet.settingsConfiguration for Lokinet.
Currently, the best way to view the available settings is by
generating a config file using lokinet -g.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string) or a list of them for duplicate keys)
Default: { }
Example:
{
dns = {
bind = "127.3.2.1";
upstream = [ "1.1.1.1" "8.8.8.8" ];
};
network.exit-node = [ "example.loki" "example2.loki" ];
}
Declared by:
<nixpkgs/nixos/modules/services/networking/lokinet.nix>
|
services.lokinet.settings.dns.bindAddress to bind to for handling DNS requests.
Type: string
Default: "127.3.2.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/lokinet.nix>
|
services.lokinet.settings.dns.upstreamUpstream resolver(s) to use as fallback for non-loki addresses. Multiple values accepted.
Type: list of string
Default:
[ "9.9.9.10" ]
Example:
[ "1.1.1.1" "8.8.8.8" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/lokinet.nix>
|
services.lokinet.settings.network.exitWhether to act as an exit node. Beware that this increases demand on the server and may pose liability concerns. Enable at your own risk.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/lokinet.nix>
|
services.lokinet.settings.network.exit-nodeSpecify a .loki address and an optional ip range to use as an exit broker.
See http://probably.loki/wiki/index.php?title=Exit_Nodes for
a list of exit nodes.
Type: null or (list of string)
Default: null
Example:
'' exit-node = [ "example.loki" ]; # maps all exit traffic to example.loki exit-node = [ "example.loki:100.0.0.0/24" ]; # maps 100.0.0.0/24 to example.loki ''
Declared by:
<nixpkgs/nixos/modules/services/networking/lokinet.nix>
|
services.lokinet.settings.network.keyfileThe private key to persist address with. If not specified the address will be ephemeral. This keyfile is generated automatically if the specified file doesn't exist.
Type: null or string
Default: null
Example: "snappkey.private"
Declared by:
<nixpkgs/nixos/modules/services/networking/lokinet.nix>
|
services.lokinet.useLocallyWhether to use Lokinet locally.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/lokinet.nix>
|
services.longview.enableIf enabled, system metrics will be sent to Linode LongView.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
|
services.longview.apacheStatusUrlThe Apache status page URL. If provided, Longview will gather statistics from this location. This requires Apache mod_status to be loaded and enabled.
Type: string
Default: ""
Example: "http://127.0.0.1/server-status"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
|
services.longview.apiKeyLongview API key. To get this, look in Longview settings which are found at https://manager.linode.com/longview/.
Warning: this secret is stored in the world-readable Nix store!
Use apiKeyFile instead.
Type: string
Default: ""
Example: "01234567-89AB-CDEF-0123456789ABCDEF"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
|
services.longview.apiKeyFileA file containing the Longview API key. To get this, look in Longview settings which are found at https://manager.linode.com/longview/.
apiKeyFile takes precedence over apiKey.
Type: null or path
Default: null
Example: "/run/keys/longview-api-key"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
|
services.longview.mysqlPasswordThe password corresponding to mysqlUser.
Warning: this is stored in cleartext in the Nix store!
Use mysqlPasswordFile instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
|
services.longview.mysqlPasswordFileA file containing the password corresponding to mysqlUser.
Type: null or path
Default: null
Example: "/run/keys/dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
|
services.longview.mysqlUserThe user for connecting to the MySQL database. If provided, Longview will connect to MySQL and collect statistics about queries, etc. This user does not need to have been granted any extra privileges.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
|
services.longview.nginxStatusUrlThe Nginx status page URL. Longview will gather statistics from this URL. This requires the Nginx stub_status module to be enabled and configured at the given location.
Type: string
Default: ""
Example: "http://127.0.0.1/nginx_status"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/longview.nix>
|
services.lorri.enableEnables the daemon for lorri, a nix-shell replacement for project
development. The socket-activated daemon starts on the first request
issued by the lorri command.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/development/lorri.nix>
|
services.lorri.packageThe lorri package to use.
Type: package
Default: pkgs.lorri
Declared by:
<nixpkgs/nixos/modules/services/development/lorri.nix>
|
services.lshd.enableWhether to enable the GNU lshd SSH2 daemon, which allows secure remote login.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.hostKeyPath to the server's private key. Note that this key must have been created, e.g., using "lsh-keygen --server | lsh-writekey --server", so that you can run lshd.
Type: string
Default: "/etc/lsh/host-key"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.interfacesList of network interfaces where listening for connections. When providing the empty list, `[]', lshd listens on all network interfaces.
Type: list of string
Default: [ ]
Example:
[ "localhost" "1.2.3.4:443" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.loginShellIf non-null, override the default login shell with the specified value.
Type: null or string
Default: null
Example: "/nix/store/xyz-bash-10.0/bin/bash10"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.passwordAuthenticationWhether to enable password authentication.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.portNumberThe port on which to listen for connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 22
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.publicKeyAuthenticationWhether to enable public key authentication.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.rootLoginWhether to enable remote root login.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.srpKeyExchangeWhether to enable SRP key exchange and user authentication.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.subsystemsList of subsystem-path pairs, where the head of the pair denotes the subsystem name, and the tail denotes the path to an executable implementing it.
Type: list of path
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.syslogWhether to enable syslog output.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.tcpForwardingWhether to enable TCP/IP forwarding.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lshd.x11ForwardingWhether to enable X11 forwarding.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/lshd.nix>
|
services.lvm.enableWhether to enable lvm2.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/tasks/lvm.nix>
|
services.lvm.boot.thin.enableWhether to enable support for booting from ThinLVs.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/tasks/lvm.nix>
|
services.lvm.boot.vdo.enableWhether to enable support for booting from VDOLVs.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/tasks/lvm.nix>
|
services.lvm.dmeventd.enableWhether to enable the LVM dmevent daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/tasks/lvm.nix>
|
services.lxd-image-server.enableWhether to enable lxd-image-server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/lxd-image-server.nix>
|
services.lxd-image-server.groupGroup assigned to the user and the webroot directory.
Type: string
Default: "nginx"
Example: "www-data"
Declared by:
<nixpkgs/nixos/modules/services/networking/lxd-image-server.nix>
|
services.lxd-image-server.nginx.enableWhether to enable nginx.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/lxd-image-server.nix>
|
services.lxd-image-server.nginx.domainDomain to use for nginx virtual host.
Type: string
Example: "images.example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/lxd-image-server.nix>
|
services.lxd-image-server.settingsConfiguration for lxd-image-server.
Example see https://github.com/Avature/lxd-image-server/blob/master/config.toml.
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/lxd-image-server.nix>
|
services.mackerel-agent.enableWhether to enable mackerel.io agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix>
|
services.mackerel-agent.apiKeyFilePath to file containing the Mackerel API key. The file should contain a single line of the following form:
apikey = "EXAMPLE_API_KEY"
Type: path
Example: "/run/keys/mackerel-api-key"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix>
|
services.mackerel-agent.autoRetirementWhether to enable Whether to automatically retire the host upon OS shutdown. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix>
|
services.mackerel-agent.runAsRootWhether to enable Whether to run as root..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix>
|
services.mackerel-agent.settingsOptions for mackerel-agent.conf.
Documentation: https://mackerel.io/docs/entry/spec/agent
Type: TOML value
Default: { }
Example:
{
silent = false;
verbose = false;
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix>
|
services.mackerel-agent.settings.diagnosticWhether to enable Collect memory usage for the agent itself.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix>
|
services.mackerel-agent.settings.host_status.on_startHost status after agent startup.
Type: one of "working", "standby", "maintenance", "poweroff"
Default: "working"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix>
|
services.mackerel-agent.settings.host_status.on_stopHost status after agent shutdown.
Type: one of "working", "standby", "maintenance", "poweroff"
Default: "poweroff"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mackerel-agent.nix>
|
services.maddy.enableWhether to enable Maddy, a free an open source mail server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/maddy.nix>
|
services.maddy.configServer configuration, see https://maddy.email for more information. The default configuration of this module will setup minimal maddy instance for mail transfer without TLS encryption.
This should not be used in a production environment.
Type: null or strings concatenated with "\n"
Default:
''
# Minimal configuration with TLS disabled, adapted from upstream example
# configuration here https://github.com/foxcpp/maddy/blob/master/maddy.conf
# Do not use this in production!
tls off
auth.pass_table local_authdb {
table sql_table {
driver sqlite3
dsn credentials.db
table_name passwords
}
}
storage.imapsql local_mailboxes {
driver sqlite3
dsn imapsql.db
}
table.chain local_rewrites {
optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
optional_step static {
entry postmaster postmaster@$(primary_domain)
}
optional_step file /etc/maddy/aliases
}
msgpipeline local_routing {
destination postmaster $(local_domains) {
modify {
replace_rcpt &local_rewrites
}
deliver_to &local_mailboxes
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
smtp tcp://0.0.0.0:25 {
limits {
all rate 20 1s
all concurrency 10
}
dmarc yes
check {
require_mx_record
dkim
spf
}
source $(local_domains) {
reject 501 5.1.8 "Use Submission for outgoing SMTP"
}
default_source {
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
}
submission tcp://0.0.0.0:587 {
limits {
all rate 50 1s
}
auth &local_authdb
source $(local_domains) {
check {
authorize_sender {
prepare_email &local_rewrites
user_to_email identity
}
}
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
modify {
dkim $(primary_domain) $(local_domains) default
}
deliver_to &remote_queue
}
}
default_source {
reject 501 5.1.8 "Non-local sender domain"
}
}
target.remote outbound_delivery {
limits {
destination rate 20 1s
destination concurrency 10
}
mx_auth {
dane
mtasts {
cache fs
fs_dir mtasts_cache/
}
local_policy {
min_tls_level encrypted
min_mx_level none
}
}
}
target.queue remote_queue {
target &outbound_delivery
autogenerated_msg_domain $(primary_domain)
bounce {
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
}
}
}
imap tcp://0.0.0.0:143 {
auth &local_authdb
storage &local_mailboxes
}
''Declared by:
<nixpkgs/nixos/modules/services/mail/maddy.nix>
|
services.maddy.groupGroup account under which maddy runs.
If left as the default value this group will automatically be created on system activation, otherwise the sysadmin is responsible for ensuring the group exists before the maddy service starts.
Type: Concatenated string
Default: "maddy"
Declared by:
<nixpkgs/nixos/modules/services/mail/maddy.nix>
|
services.maddy.hostnameHostname to use. It should be FQDN.
Type: Concatenated string
Default: "localhost"
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/maddy.nix>
|
services.maddy.localDomainsDefine list of allowed domains.
Type: list of string
Default:
[ "$(primary_domain)" ]
Example:
[ "$(primary_domain)" "example.com" "other.example.com" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/maddy.nix>
|
services.maddy.openFirewallOpen the configured incoming and outgoing mail server ports.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/maddy.nix>
|
services.maddy.primaryDomainPrimary MX domain to use. It should be FQDN.
Type: Concatenated string
Default: "localhost"
Example: "mail.example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/maddy.nix>
|
services.maddy.userUser account under which maddy runs.
If left as the default value this user will automatically be created on system activation, otherwise the sysadmin is responsible for ensuring the user exists before the maddy service starts.
Type: Concatenated string
Default: "maddy"
Declared by:
<nixpkgs/nixos/modules/services/mail/maddy.nix>
|
services.magic-wormhole-mailbox-server.enableWhether to enable Magic Wormhole Mailbox Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/magic-wormhole-mailbox-server.nix>
|
services.magnetico.enableWhether to enable Magnetico, Bittorrent DHT crawler.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
|
services.magnetico.crawler.addressAddress to be used for indexing DHT nodes.
Type: string
Default: "0.0.0.0"
Example: "1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
|
services.magnetico.crawler.extraOptionsExtra command line arguments to pass to magneticod.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
|
services.magnetico.crawler.maxLeechesMaximum number of simultaneous leeches.
Type: positive integer, meaning >0
Default: 200
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
|
services.magnetico.crawler.maxNeighborsMaximum number of simultaneous neighbors of an indexer. Be careful changing this number: high values can very easily cause your network to be congested or even crash your router.
Type: positive integer, meaning >0
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
|
services.magnetico.crawler.portPort to be used for indexing DHT nodes.
This port should be added to
networking.firewall.allowedTCPPorts.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
|
services.magnetico.web.addressAddress the web interface will listen to.
Type: string
Default: "localhost"
Example: "1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
|
services.magnetico.web.credentialsThe credentials to access the web interface, in case authentication is
enabled, in the format username:hash. If unset no
authentication will be required.
Usernames must start with a lowercase ([a-z]) ASCII character, might
contain non-consecutive underscores except at the end, and consists of
small-case a-z characters and digits 0-9. The
htpasswd tool from the apacheHttpd
package may be used to generate the hash:
htpasswd -bnBC 12 username password
The hashes will be stored world-readable in the nix store.
Consider using the credentialsFile option if you
don't want this.
Type: attribute set of string
Default: { }
Example:
{
myuser = "$2y$12$YE01LZ8jrbQbx6c0s2hdZO71dSjn2p/O9XsYJpz.5968yCysUgiaG";
}
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
|
services.magnetico.web.credentialsFileThe path to the file holding the credentials to access the web interface. If unset no authentication will be required.
The file must contain user names and password hashes in the format
username:hash, one for each line. Usernames must
start with a lowecase ([a-z]) ASCII character, might contain
non-consecutive underscores except at the end, and consists of
small-case a-z characters and digits 0-9.
The htpasswd tool from the apacheHttpd
package may be used to generate the hash:
htpasswd -bnBC 12 username password
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
|
services.magnetico.web.extraOptionsExtra command line arguments to pass to magneticow.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
|
services.magnetico.web.portPort the web interface will listen to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/torrent/magnetico.nix>
|
services.mail.sendmailSetuidWrapper.capabilitiesA comma-separated list of capability clauses to be given to the wrapper program. The format for capability clauses is described in the “TEXTUAL REPRESENTATION” section of the cap_from_text(3) manual page. For a list of capabilities supported by the system, check the capabilities(7) manual page.
cap_setpcap, which is required for the wrapper
program to be able to raise caps into the Ambient set is NOT raised
to the Ambient set so that the real program cannot modify its own
capabilities!! This may be too restrictive for cases in which the
real program needs cap_setpcap but it at least leans on the side
security paranoid vs. too relaxed.
Type: strings concatenated with ","
Default: ""
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
services.mail.sendmailSetuidWrapper.groupThe group of the wrapper program.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
services.mail.sendmailSetuidWrapper.ownerThe owner of the wrapper program.
Type: string
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
services.mail.sendmailSetuidWrapper.permissionsThe permissions of the wrapper program. The format is that of a symbolic or numeric file mode understood by chmod.
Type: file mode string
Default: "u+rx,g+x,o+x"
Example: "a+rx"
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
services.mail.sendmailSetuidWrapper.programThe name of the wrapper program. Defaults to the attribute name.
Type: null or string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
services.mail.sendmailSetuidWrapper.setgidWhether to add the setgid bit the wrapper program.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
services.mail.sendmailSetuidWrapper.setuidWhether to add the setuid bit the wrapper program.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
services.mail.sendmailSetuidWrapper.sourceThe absolute path to the program to be wrapped.
Type: path
Declared by:
<nixpkgs/nixos/modules/security/wrappers/default.nix>
|
services.mailcatcher.enableWhether to enable MailCatcher.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/mailcatcher.nix>
|
services.mailcatcher.http.ipThe ip address of the http server.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailcatcher.nix>
|
services.mailcatcher.http.pathPrefix to all HTTP paths.
Type: null or string
Default: null
Example: "/mailcatcher"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailcatcher.nix>
|
services.mailcatcher.http.portThe port address of the http server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1080
Declared by:
<nixpkgs/nixos/modules/services/mail/mailcatcher.nix>
|
services.mailcatcher.smtp.ipThe ip address of the smtp server.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailcatcher.nix>
|
services.mailcatcher.smtp.portThe port address of the smtp server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1025
Declared by:
<nixpkgs/nixos/modules/services/mail/mailcatcher.nix>
|
services.mailhog.enableWhether to enable MailHog.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/mailhog.nix>
|
services.mailhog.apiPortPort on which the API endpoint will listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8025
Declared by:
<nixpkgs/nixos/modules/services/mail/mailhog.nix>
|
services.mailhog.extraArgsList of additional arguments to pass to the MailHog process.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/mailhog.nix>
|
services.mailhog.smtpPortPort on which the SMTP endpoint will listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1025
Declared by:
<nixpkgs/nixos/modules/services/mail/mailhog.nix>
|
services.mailhog.storageStore mails on disk or in memory.
Type: one of "maildir", "memory"
Default: "memory"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailhog.nix>
|
services.mailhog.uiPortPort on which the HTTP UI will listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8025
Declared by:
<nixpkgs/nixos/modules/services/mail/mailhog.nix>
|
services.mailman.enableEnable Mailman on this host. Requires an active MTA on the host (e.g. Postfix).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.enablePostfixEnable Postfix integration. Requires an active Postfix installation.
If you want to use another MTA, set this option to false and configure settings in services.mailman.settings.mta.
Refer to the Mailman manual for more info.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.extraPythonPackagesPackages to add to the python environment used by mailman and mailman-web
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.hyperkitty.enableWhether to enable the Hyperkitty archiver for Mailman.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.hyperkitty.baseUrlWhere can Mailman connect to Hyperkitty's internal API, preferably on localhost?
Type: string
Default: "http://localhost:18507/archives/"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.ldap.enableWhether to enable LDAP auth.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.ldap.attrMap.emailLDAP-attribute that corresponds to the email-attribute in mailman.
Type: string
Default: "mail"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.ldap.attrMap.firstNameLDAP-attribute that corresponds to the firstName-attribute in mailman.
Type: string
Default: "givenName"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.ldap.attrMap.lastNameLDAP-attribute that corresponds to the lastName-attribute in mailman.
Type: string
Default: "sn"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.ldap.attrMap.usernameLDAP-attribute that corresponds to the username-attribute in mailman.
Type: string
Default: "uid"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.ldap.bindDnService account to bind against.
Type: string
Example: "cn=root,dc=nixos,dc=org"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.ldap.bindPasswordFilePath to the file containing the bind password of the service account
defined by services.mailman.ldap.bindDn.
Type: string
Example: "/run/secrets/ldap-bind"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.ldap.groupSearch.ouOrganizational unit to look up a group.
Type: string
Example: "ou=groups,dc=nixos,dc=org"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.ldap.groupSearch.queryQuery to find a group associated to a user in the LDAP database.
Type: string
Example: "(objectClass=groupOfNames)"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.ldap.groupSearch.typeType of group to perform a group search against.
Type: one of "posixGroup", "groupOfNames", "memberDNGroup", "nestedMemberDNGroup", "nestedGroupOfNames", "groupOfUniqueNames", "nestedGroupOfUniqueNames", "activeDirectoryGroup", "nestedActiveDirectoryGroup", "organizationalRoleGroup", "nestedOrganizationalRoleGroup"
Default: "posixGroup"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.ldap.serverUriLDAP host to connect against.
Type: string
Example: "ldaps://ldap.host"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.ldap.superUserGroupGroup where a user must be a member of to gain superuser rights.
Type: null or string
Default: null
Example: "cn=admin,ou=groups,dc=nixos,dc=org"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.ldap.userSearch.ouOrganizational unit to look up a user.
Type: string
Example: "ou=users,dc=nixos,dc=org"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.ldap.userSearch.queryQuery to find a user in the LDAP database.
Type: string
Example: "(&(objectClass=inetOrgPerson)(|(uid=%(user)s)(mail=%(user)s)))"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.restApiPassFilePath to the file containing the value for MAILMAN_REST_API_PASS.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.serve.enableWhether to enable Automatic nginx and uwsgi setup for mailman-web.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.serve.virtualRootPath to mount the mailman-web django application on.
Type: string
Default: "/"
Example: /lists
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.settingsSettings for mailman.cfg
Type: attribute set of attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.siteOwnerCertain messages that must be delivered to a human, but which can't be delivered to a list owner (e.g. a bounce from a list owner), will be sent to this address. It should point to a human.
Type: string
Example: "postmaster@example.org"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.webHostsThe list of hostnames and/or IP addresses from which the Mailman Web UI will accept requests. By default, "localhost" and "127.0.0.1" are enabled. All additional names under which your web server accepts requests for the UI must be listed here or incoming requests will be rejected.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.webSettingsOverrides for the default mailman-web Django settings.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.mailman.webUserUser to run mailman-web as
Type: string
Default: "mailman-web"
Declared by:
<nixpkgs/nixos/modules/services/mail/mailman.nix>
|
services.malcontent.enableWhether to enable Malcontent, parental control support for applications.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/malcontent.nix>
|
services.mame.enableWhether to setup TUN/TAP Ethernet interface for MAME emulator.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mame.nix>
|
services.mame.emuAddrIP address of the guest system. The same you set inside guest OS under
MAME. Should be on the same subnet as services.mame.hostAddr.
Type: string
Example: "192.168.31.155"
Declared by:
<nixpkgs/nixos/modules/services/misc/mame.nix>
|
services.mame.hostAddrIP address of the host system. Usually an address of the main network adapter or the adapter through which you get an internet connection.
Type: string
Example: "192.168.31.156"
Declared by:
<nixpkgs/nixos/modules/services/misc/mame.nix>
|
services.mame.userUser from which you run MAME binary.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/mame.nix>
|
services.mastodon.enableWhether to enable Mastodon, a federated social network server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.enableUnixSocketInstead of binding to an IP address like 127.0.0.1, you may bind to a Unix socket. This variable is process-specific, e.g. you need different values for every process, and it works for both web (Puma) processes and streaming API (Node.js) processes.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.packageMastodon package to use.
Type: package
Default: pkgs.mastodon
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.automaticMigrationsDo automatic database migrations.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.configureNginxConfigure nginx as a reverse proxy for mastodon. Note that this makes some assumptions on your setup, and sets settings that will affect other virtualHosts running on your nginx instance, if any. Alternatively you can configure a reverse-proxy of your choice to serve these paths:
/ -> $(nix-instantiate --eval '<nixpkgs>' -A mastodon.outPath)/public
/ -> 127.0.0.1:{{ webPort }}(If there was no file in the directory above.)
/system/ -> /var/lib/mastodon/public-system/
/api/v1/streaming/ -> 127.0.0.1:{{ streamingPort }}
Make sure that websockets are forwarded properly. You might want to set up caching
of some requests. Take a look at mastodon's provided nginx configuration at
https://github.com/mastodon/mastodon/blob/master/dist/nginx.conf.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.database.createLocallyConfigure local PostgreSQL database server for Mastodon.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.database.hostDatabase host address or unix socket.
Type: string
Default: "/run/postgresql"
Example: "192.168.23.42"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.database.nameDatabase name.
Type: string
Default: "mastodon"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.database.passwordFileA file containing the password corresponding to
database.user.
Type: null or path
Default: null
Example: "/var/lib/mastodon/secrets/db-password"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.database.portDatabase host port.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
if config.services.mastodon.database.createLocally then null else 5432
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.database.userDatabase user.
Type: string
Default: "mastodon"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.elasticsearch.hostElasticsearch host. If it is not null, Elasticsearch full text search will be enabled.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.elasticsearch.portElasticsearch port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9200
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.extraConfigExtra environment variables to pass to all mastodon services.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.groupGroup under which mastodon runs.
Type: string
Default: "mastodon"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.localDomainThe domain serving your Mastodon instance.
Type: string
Example: "social.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.mediaAutoRemove.enableAutomatically remove remote media attachments and preview cards older than the configured amount of days.
Recommended in https://docs.joinmastodon.org/admin/setup/.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.mediaAutoRemove.olderThanDaysHow old remote media needs to be in order to be removed.
Type: signed integer
Default: 30
Example: 14
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.mediaAutoRemove.startAtHow often to remove remote media.
The format is described in systemd.time(7).
Type: string
Default: "daily"
Example: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.otpSecretFilePath to file containing the OTP secret. A new OTP secret can be generated by running:
nix build -f '<nixpkgs>' mastodon; cd result; bin/rake secret
If this file does not exist, it will be created with a new OTP secret.
Type: string
Default: "/var/lib/mastodon/secrets/otp-secret"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.redis.createLocallyConfigure local Redis server for Mastodon.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.redis.hostRedis host.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.redis.portRedis port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 31637
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.secretKeyBaseFilePath to file containing the secret key base. A new secret key base can be generated by running:
nix build -f '<nixpkgs>' mastodon; cd result; bin/rake secret
If this file does not exist, it will be created with a new secret key base.
Type: string
Default: "/var/lib/mastodon/secrets/secret-key-base"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.sidekiqPortTCP port used by the mastodon-sidekiq service.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 55002
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.sidekiqThreadsWorker threads used by the mastodon-sidekiq service.
Type: signed integer
Default: 25
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.smtp.authenticateAuthenticate with the SMTP server using username and password.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.smtp.createLocallyConfigure local Postfix SMTP server for Mastodon.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.smtp.fromAddress"From" address used when sending Emails to users.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.smtp.hostSMTP host used when sending emails to users.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.smtp.passwordFilePath to file containing the SMTP password.
Type: null or path
Default: null
Example: "/var/lib/mastodon/secrets/smtp-password"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.smtp.portSMTP port used when sending emails to users.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 25
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.smtp.userSMTP login name.
Type: null or string
Default: null
Example: "mastodon@example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.streamingPortTCP port used by the mastodon-streaming service.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 55000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.streamingProcessesProcesses used by the mastodon-streaming service. Defaults to the number of CPU cores minus one.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.trustedProxyYou need to set it to the IP from which your reverse proxy sends requests to Mastodon's web process, otherwise Mastodon will record the reverse proxy's own IP as the IP of all requests, which would be bad because IP addresses are used for important rate limits and security functions.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.userUser under which mastodon runs. If it is set to "mastodon",
that user will be created, otherwise it should be set to the
name of a user created elsewhere.
In both cases, the mastodon package will be added to the user's package set
and a tootctl wrapper to system packages that switches to the configured account
and load the right environment.
Type: string
Default: "mastodon"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.vapidPrivateKeyFilePath to file containing the private key used for Web Push Voluntary Application Server Identification. A new keypair can be generated by running:
nix build -f '<nixpkgs>' mastodon; cd result; bin/rake webpush:generate_keys
If this file does not exist, it will be created with a new private key.
Type: string
Default: "/var/lib/mastodon/secrets/vapid-private-key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.vapidPublicKeyFilePath to file containing the public key used for Web Push Voluntary Application Server Identification. A new keypair can be generated by running:
nix build -f '<nixpkgs>' mastodon; cd result; bin/rake webpush:generate_keys
If mastodon.vapidPrivateKeyFiledoes not
exist, it and this file will be created with a new keypair.
Type: string
Default: "/var/lib/mastodon/secrets/vapid-public-key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.webPortTCP port used by the mastodon-web service.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 55001
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.webProcessesProcesses used by the mastodon-web service.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.mastodon.webThreadsThreads per process used by the mastodon-web service.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mastodon.nix>
|
services.matomo.enableEnable Matomo web analytics with php-fpm backend. Either the nginx option or the webServerUser option is mandatory.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.packageMatomo package for the service to use. This can be used to point to newer releases from nixos-unstable, as they don't get backported if they are not security-relevant.
Type: package
Default: pkgs.matomo
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.hostnameURL of the host, without https prefix. You may want to change it if you run Matomo on a different URL than matomo.yourdomain.
Type: string
Default:
"matomo.${config.networking.fqdnOrHostName}"
Example: "matomo.yourdomain.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginxWith this option, you can customize an nginx virtualHost which already has sensible defaults for Matomo.
Either this option or the webServerUser option is mandatory.
Set this to {} to just enable the virtualHost if you don't need any customization.
If enabled, then by default, the serverName is
${user}.${config.networking.hostName}.${config.networking.domain},
SSL is active, and certificates are acquired via ACME.
If this is set to null (the default), no nginx virtualHost will be configured.
Type: null or (submodule)
Default: null
Example:
{
serverAliases = [
"matomo.${config.networking.domain}"
"stats.${config.networking.domain}"
];
enableACME = false;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.enableACMEWhether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.acmeFallbackHostHost which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.acmeRootDirectory for the ACME challenge, which is public. Don't put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.addSSLWhether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.basicAuthBasic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default: { }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.basicAuthFileBasic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.defaultMakes this vhost the default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.extraConfigThese lines go to the end of the vhost verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.forceSSLWhether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.globalRedirectIf set, all requests for this host are redirected permanently to the given hostname.
Type: null or string
Default: null
Example: "newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.http2Whether to enable HTTP 2. Note that (as of writing) due to nginx's implementation, to disable HTTP 2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2,then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.http3Whether to enable HTTP 3.
This requires using pkgs.nginxQuic package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;.
Note that HTTP 3 support is experimental and
not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.kTLSWhether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Required Nginx version 1.21.4 or later.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.listenListen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL
and onlySSL.
If you only want to set the addresses manually and not
the ports, take a look at listenAddresses
Type: list of (submodule)
Default: [ ]
Example:
[
{
addr = "195.154.1.1";
port = 443;
ssl = true;
}
{
addr = "192.154.1.1";
port = 80;
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.listen.*.addrIP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.listen.*.extraParametersExtra parameters of this listen directive.
Type: list of string
Default: [ ]
Example:
[ "backlog=1024" "deferred" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.listen.*.portPort number.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.listen.*.sslEnable SSL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.listenAddressesListen addresses for this virtual host.
Compared to listen this only sets the addresses
and the ports are chosen automatically.
Note: This option overrides enableIPv6
Type: list of string
Default: [ ]
Example:
[ "127.0.0.1" "[::1]" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locationsDeclarative location config
Type: attribute set of (submodule)
Default: { }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.aliasAlias directory for requests.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.basicAuthBasic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default: { }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.basicAuthFileBasic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.extraConfigThese lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.fastcgiParamsFastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won't unset the default values for other parameters.
Type: attribute set of (string or path)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.indexAdds index directive.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.priorityOrder of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have
a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.proxyPassAdds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.proxyWebsocketsWhether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.recommendedProxySettingsEnable recommended proxy settings.
Type: boolean
Default: config.services.nginx.recommendedProxySettings
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.returnAdds a return directive, for e.g. redirections.
Type: null or string
Default: null
Example: "301 http://example.com$request_uri"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.rootRoot directory for requests.
Type: null or path
Default: null
Example: "/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.locations.<name>.tryFilesAdds try_files directive.
Type: null or string
Default: null
Example: "$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.onlySSLWhether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.rejectSSLWhether to listen for and reject all HTTPS connections to this vhost. Useful in
default
server blocks to avoid serving the certificate for another vhost. Uses the
ssl_reject_handshake directive available in nginx versions
1.19.4 and above.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.reuseportCreate an individual listening socket . It is required to specify only once on one of the hosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.rootThe path of the web root directory.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default: [ ]
Example:
[ "www.example.org" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.serverNameName of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default: null
Example: "example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.sslCertificatePath to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.sslCertificateKeyPath to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.sslTrustedCertificatePath to root SSL certificate for stapling and client certificates.
Type: null or path
Default: null
Example: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.nginx.useACMEHostA host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.periodicArchiveProcessingEnable periodic archive processing, which generates aggregated reports from the visits.
This means that you can safely disable browser triggers for Matomo archiving,
and safely enable to delete old visitor logs.
Before deleting visitor logs,
make sure though that you run systemctl start matomo-archive-processing.service
at least once without errors if you have already collected data before.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matomo.webServerUserName of the web server user that forwards requests to services.phpfpm.pools.<name>.socket the fastcgi socket for Matomo if the nginx
option is not used. Either this option or the nginx option is mandatory.
If you want to use another webserver than nginx, you need to set this to that server's user
and pass fastcgi requests to index.php, matomo.php and piwik.php (legacy name) to this socket.
Type: null or string
Default: null
Example: "lighttpd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/matomo.nix>
|
services.matrix-appservice-discord.enableWhether to enable a bridge between Matrix and Discord.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-discord.nix>
|
services.matrix-appservice-discord.environmentFileFile containing environment variables to be passed to the matrix-appservice-discord service,
in which secret tokens can be specified securely by defining values for
APPSERVICE_DISCORD_AUTH_CLIENT_I_D and
APPSERVICE_DISCORD_AUTH_BOT_TOKEN.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-discord.nix>
|
services.matrix-appservice-discord.localpartThe user_id localpart to assign to the AS.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-discord.nix>
|
services.matrix-appservice-discord.portPort number on which the bridge should listen for internal communication with the Matrix homeserver.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9005
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-discord.nix>
|
services.matrix-appservice-discord.serviceDependenciesList of Systemd services to require and wait for when starting the application service, such as the Matrix homeserver if it's running on the same host.
Type: list of string
Default:
optional config.services.matrix-synapse.enable "matrix-synapse.service"
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-discord.nix>
|
services.matrix-appservice-discord.settingsconfig.yaml configuration as a Nix attribute set.
Configuration options should match those described in config.sample.yaml.
config.bridge.domain and config.bridge.homeserverUrl
should be set to match the public host name of the Matrix homeserver for webhooks and avatars to work.
Secret tokens should be specified using environmentFile
instead of this world-readable attribute set.
Type: attribute set
Default:
{
auth = {
botToken = "";
clientID = "";
};
database = {
filename = "/var/lib/matrix-appservice-discord/discord.db";
};
}Example:
{
bridge = {
domain = "public-domain.tld";
homeserverUrl = "http://public-domain.tld:8008";
};
}
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-discord.nix>
|
services.matrix-appservice-discord.urlThe URL where the application service is listening for HS requests.
Type: string
Default: "http://localhost:${toString config.services.matrix-appservice-discord.port}"
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-discord.nix>
|
services.matrix-appservice-irc.enableWhether to enable the Matrix/IRC bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-irc.nix>
|
services.matrix-appservice-irc.localpartThe user_id localpart to assign to the appservice
Type: string
Default: "appservice-irc"
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-irc.nix>
|
services.matrix-appservice-irc.needBindingCapWhether the daemon needs to bind to ports below 1024 (e.g. for the ident service)
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-irc.nix>
|
services.matrix-appservice-irc.passwordEncryptionKeyLengthLength of the key to encrypt IRC passwords with
Type: unsigned integer, meaning >=0
Default: 4096
Example: 8192
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-irc.nix>
|
services.matrix-appservice-irc.portThe port to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8009
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-irc.nix>
|
services.matrix-appservice-irc.registrationUrlThe URL where the application service is listening for homeserver requests, from the Matrix homeserver perspective.
Type: string
Example: "http://localhost:8009"
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-irc.nix>
|
services.matrix-appservice-irc.settingsConfiguration for the appservice, see https://github.com/matrix-org/matrix-appservice-irc/blob/0.36.0/config.sample.yaml for supported values
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-irc.nix>
|
services.matrix-appservice-irc.settings.databaseConfiguration for the database
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-irc.nix>
|
services.matrix-appservice-irc.settings.database.connectionStringThe database connection string
Type: string
Default: "nedb://var/lib/matrix-appservice-irc/data"
Example: "postgres://username:password@host:port/databasename"
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-irc.nix>
|
services.matrix-appservice-irc.settings.database.engineWhich database engine to use
Type: string
Default: "nedb"
Example: "postgres"
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-irc.nix>
|
services.matrix-appservice-irc.settings.homeserverHomeserver configuration
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-irc.nix>
|
services.matrix-appservice-irc.settings.homeserver.domainThe 'domain' part for user IDs on this home server. Usually (but not always) is the "domain name" part of the homeserver URL.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-irc.nix>
|
services.matrix-appservice-irc.settings.homeserver.urlThe URL to the home server for client-server API calls
Type: string
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-irc.nix>
|
services.matrix-appservice-irc.settings.ircServiceIRC bridge configuration
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-irc.nix>
|
services.matrix-appservice-irc.settings.ircService.passwordEncryptionKeyPathLocation of the key with which IRC passwords are encrypted for storage. Will be generated on first run if not present.
Type: string
Default: "/var/lib/matrix-appservice-irc/passkey.pem"
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-irc.nix>
|
services.matrix-appservice-irc.settings.ircService.serversIRC servers to connect to
Type: JSON value
Declared by:
<nixpkgs/nixos/modules/services/matrix/appservice-irc.nix>
|
services.matrix-conduit.enableWhether to enable matrix-conduit.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduit.nix>
|
services.matrix-conduit.packagePackage of the conduit matrix server to use.
Type: package
Default: pkgs.matrix-conduit
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduit.nix>
|
services.matrix-conduit.extraEnvironmentExtra Environment variables to pass to the conduit server.
Type: attribute set of string
Default: { }
Example:
{
RUST_BACKTRACE = "yes";
}Declared by:
<nixpkgs/nixos/modules/services/matrix/conduit.nix>
|
services.matrix-conduit.settingsGenerates the conduit.toml configuration file. Refer to https://gitlab.com/famedly/conduit/-/blob/master/conduit-example.toml for details on supported values. Note that database_path can not be edited because the service's reliance on systemd StateDir.
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduit.nix>
|
services.matrix-conduit.settings.global.addressAddress to listen on for connections by the reverse proxy/tls terminator.
Type: string
Default: "::1"
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduit.nix>
|
services.matrix-conduit.settings.global.allow_encryptionWhether new encrypted rooms can be created. Note: existing rooms will continue to work.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduit.nix>
|
services.matrix-conduit.settings.global.allow_federationWhether this server federates with other servers.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduit.nix>
|
services.matrix-conduit.settings.global.allow_registrationWhether new users can register on this server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduit.nix>
|
services.matrix-conduit.settings.global.database_backendThe database backend for the service. Switching it on an existing instance will require manual migration of data.
Type: one of "sqlite", "rocksdb"
Default: "sqlite"
Example: "rocksdb"
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduit.nix>
|
services.matrix-conduit.settings.global.database_pathPath to the conduit database, the directory where conduit will save its data. Note that due to using the DynamicUser feature of systemd, this value should not be changed and is set to be read only.
Type: string (read only)
Default: "/var/lib/matrix-conduit/"
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduit.nix>
|
services.matrix-conduit.settings.global.max_request_sizeMax request size in bytes. Don't forget to also change it in the proxy.
Type: positive integer, meaning >0
Default: 20000000
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduit.nix>
|
services.matrix-conduit.settings.global.portThe port Conduit will be running on. You need to set up a reverse proxy in your web server (e.g. apache or nginx), so all requests to /_matrix on port 443 and 8448 will be forwarded to the Conduit instance running on this port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6167
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduit.nix>
|
services.matrix-conduit.settings.global.server_nameThe server_name is the name of this server. It is used as a suffix for user # and room ids.
Type: string
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduit.nix>
|
services.matrix-conduit.settings.global.trusted_serversServers trusted with signing server keys.
Type: list of string
Default:
[ "matrix.org" ]
Declared by:
<nixpkgs/nixos/modules/services/matrix/conduit.nix>
|
services.matrix-synapse.enableWhether to enable matrix.org synapse.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.packageOverridable attribute of the matrix synapse server package to use.
Type: package
Default: pkgs.matrix-synapse
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.configFilePath to the configuration file on the target system. Useful to configure e.g. workers that also need this.
Type: path (read only)
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.dataDirThe directory where matrix-synapse stores its stateful data such as certificates, media and uploads.
Type: string
Default: "/var/lib/matrix-synapse"
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.extraConfigFilesExtra config files to include.
The configuration files will be included based on the command line argument --config-path. This allows to configure secrets without having to go through the Nix store, e.g. based on deployment keys if NixOps is in use.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.pluginsList of additional Matrix plugins to make available.
Type: list of package
Default: [ ]
Example:
with config.services.matrix-synapse.package.plugins; [ matrix-synapse-ldap3 matrix-synapse-pam ];
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settingsThe primary synapse configuration. See the sample configuration for possible values.
Secrets should be passed in by using the extraConfigFiles option.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.enable_metricsEnable collection and rendering of performance metrics
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.enable_registrationEnable registration for new users.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.app_service_config_filesA list of application service config file to use
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.database.args.databaseName of the database when using the psycopg2 backend, path to the database location when using sqlite3.
Type: string
Default:
{
sqlite3 = "${services.matrix-synapse.dataDir}/homeserver.db";
psycopg2 = "matrix-synapse";
}.${services.matrix-synapse.settings.database.name};
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.database.args.userUsername to connect with psycopg2, set to null when using sqlite3.
Type: null or string
Default: "matrix-synapse"
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.database.nameThe database engine name. Can be sqlite3 or psycopg2.
Type: one of "sqlite3", "psycopg2"
Default:
if versionAtLeast config.system.stateVersion "18.03" then "psycopg2" else "sqlite3"
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.dynamic_thumbnailsWhether to generate new thumbnails on the fly to precisely match the resolution requested by the client. If true then whenever a new resolution is requested by the client the server will generate a new thumbnail. If false the server will pick a thumbnail from a precalculated list.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.listenersList of ports that Synapse should listen on, their purpose and their configuration.
Type: list of (submodule)
Default:
[
{
bind_addresses = [
"127.0.0.1"
];
port = 8008;
resources = [
{
compress = true;
names = [
"client"
];
}
{
compress = false;
names = [
"federation"
];
}
];
tls = false;
type = "http";
x_forwarded = true;
}
]Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.listeners.*.bind_addressesIP addresses to bind the listener to.
Type: list of string
Default:
[ "::1" "127.0.0.1" ]
Example:
[ "::" "0.0.0.0" ]
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.listeners.*.portThe port to listen for HTTP(S) requests on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Example: 8448
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.listeners.*.resourcesList of HTTP resources to serve on this listener.
Type: list of (submodule)
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.listeners.*.resources.*.compressShould synapse compress HTTP responses to clients that support it? This should be disabled if running synapse behind a load balancer that can do automatic compression.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.listeners.*.resources.*.namesList of resources to host on this listener.
Type: list of (one of "client", "consent", "federation", "keys", "media", "metrics", "openid", "replication", "static")
Example:
[ "client" ]
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.listeners.*.tlsWhether to enable TLS on the listener socket.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.listeners.*.typeThe type of the listener, usually http.
Type: one of "http", "manhole", "metrics", "replication"
Default: "http"
Example: "metrics"
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.listeners.*.x_forwardedUse the X-Forwarded-For (XFF) header as the client IP and not the actual client IP.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.log_configThe file that holds the logging configuration.
Type: path
Default: nixos/modules/services/matrix/synapse-log_config.yaml
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.macaroon_secret_keySecret key for authentication tokens. If none is specified, the registration_shared_secret is used, if one is given; otherwise, a secret key is derived from the signing key.
Secrets should be passed in via extraConfigFiles!
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.max_image_pixelsMaximum number of pixels that will be thumbnailed
Type: string
Default: "32M"
Example: "64M"
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.max_upload_sizeThe largest allowed upload size in bytes
Type: string
Default: "50M"
Example: "100M"
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.media_store_pathDirectory where uploaded images and attachments are stored.
Type: path
Default: "/var/lib/matrix-synapse/media_store for when system.stateVersion is at least 22.05, /var/lib/matrix-synapse/media when lower than 22.05"
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.pid_fileThe file to store the PID in.
Type: path (read only)
Default: "/run/matrix-synapse.pid"
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.presence.enabledWhether to enable presence tracking.
Presence tracking allows users to see the state (e.g online/offline) of other local and remote users.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.public_baseurlThe public-facing base URL for the client API (not including _matrix/...)
Type: null or string
Default: null
Example: "https://example.com:8448/"
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.registration_shared_secretIf set, allows registration by anyone who also has the shared secret, even if registration is otherwise disabled.
Secrets should be passed in via extraConfigFiles!
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.report_statsWhether or not to report anonymized homeserver usage statistics.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.server_nameThe domain name of the server, with optional explicit port. This is used by remote servers to look up the server address. This is also the last part of your UserID.
The server_name cannot be changed later so it is important to configure this correctly before you start Synapse.
Type: string
Default: config.networking.hostName
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.signing_key_pathPath to the signing key to sign messages with.
Type: path
Default: "/var/lib/matrix-synapse/homeserver.signing.key"
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.tls_certificate_pathPEM encoded X509 certificate for TLS. You can replace the self-signed certificate that synapse autogenerates on launch with your own SSL certificate + key pair if you like. Any required intermediary certificates can be appended after the primary certificate in hierarchical order.
Type: null or string
Default: null
Example: "/var/lib/acme/example.com/fullchain.pem"
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.tls_private_key_pathPEM encoded private key for TLS. Specify null if synapse is not speaking TLS directly.
Type: null or string
Default: null
Example: "/var/lib/acme/example.com/key.pem"
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.trusted_key_serversThe trusted servers to download signing keys from.
Type: list of (submodule)
Default:
[
{
server_name = "matrix.org";
verify_keys = {
"ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
};
}
]Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.trusted_key_servers.*.server_nameHostname of the trusted server.
Type: string
Example: "matrix.org"
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.trusted_key_servers.*.verify_keysAttribute set from key id to base64 encoded public key.
If specified synapse will check that the response is signed by at least one of the given keys.
Type: null or (attribute set of string)
Default: null
Example:
{
"ed25519:auto" = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw";
}
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.turn_shared_secretThe shared secret used to compute passwords for the TURN server.
Secrets should be passed in via extraConfigFiles!
Type: string
Default: ""
Example:
config.services.coturn.static-auth-secret
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.turn_urisThe public URIs of the TURN server to give to clients
Type: list of string
Default: [ ]
Example:
[ "turn:turn.example.com:3487?transport=udp" "turn:turn.example.com:3487?transport=tcp" "turns:turn.example.com:5349?transport=udp" "turns:turn.example.com:5349?transport=tcp" ]
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.url_preview_enabledIs the preview URL API enabled? If enabled, you must specify an explicit url_preview_ip_range_blacklist of IPs that the spider is denied from accessing.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.url_preview_ip_range_blacklistList of IP address CIDR ranges that the URL preview spider is denied from accessing.
Type: list of string
Default:
[ "10.0.0.0/8" "100.64.0.0/10" "127.0.0.0/8" "169.254.0.0/16" "172.16.0.0/12" "192.0.0.0/24" "192.0.2.0/24" "192.168.0.0/16" "192.88.99.0/24" "198.18.0.0/15" "198.51.100.0/24" "2001:db8::/32" "203.0.113.0/24" "224.0.0.0/4" "::1/128" "fc00::/7" "fe80::/10" "fec0::/10" "ff00::/8" ]
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.url_preview_ip_range_whitelistList of IP address CIDR ranges that the URL preview spider is allowed to access even if they are specified in url_preview_ip_range_blacklist.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.settings.url_preview_url_blacklistOptional list of URL matches that the URL preview spider is denied from accessing.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matrix-synapse.withJemallocWhether to preload jemalloc to reduce memory fragmentation and overall usage.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/matrix/synapse.nix>
|
services.matterbridge.enableWhether to enable Matterbridge chat platform bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/matterbridge.nix>
|
services.matterbridge.configFileWARNING: THIS IS INSECURE, as your password will end up in
/nix/store, thus publicly readable. Use
services.matterbridge.configPath instead.
The matterbridge configuration file in the TOML file format.
Type: string
Example:
''
# WARNING: as this file contains credentials, do not use this option!
# It is kept only for backwards compatibility, and would cause your
# credentials to be in the nix-store, thus with the world-readable
# permission bits.
# Use services.matterbridge.configPath instead.
[irc]
[irc.libera]
Server="irc.libera.chat:6667"
Nick="matterbot"
[mattermost]
[mattermost.work]
# Do not prefix it with http:// or https://
Server="yourmattermostserver.domain"
Team="yourteam"
Login="yourlogin"
Password="yourpass"
PrefixMessagesWithNick=true
[[gateway]]
name="gateway1"
enable=true
[[gateway.inout]]
account="irc.libera"
channel="#testing"
[[gateway.inout]]
account="mattermost.work"
channel="off-topic"
''Declared by:
<nixpkgs/nixos/modules/services/networking/matterbridge.nix>
|
services.matterbridge.configPathThe path to the matterbridge configuration file.
Type: null or string
Default: null
Example: "/etc/nixos/matterbridge.toml"
Declared by:
<nixpkgs/nixos/modules/services/networking/matterbridge.nix>
|
services.matterbridge.groupGroup which runs the matterbridge service.
Type: string
Default: "matterbridge"
Declared by:
<nixpkgs/nixos/modules/services/networking/matterbridge.nix>
|
services.matterbridge.userUser which runs the matterbridge service.
Type: string
Default: "matterbridge"
Declared by:
<nixpkgs/nixos/modules/services/networking/matterbridge.nix>
|
services.mattermost.enableWhether to enable Mattermost chat server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.packageMattermost derivation to use.
Type: package
Default: pkgs.mattermost
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.extraConfigAdditional configuration options as Nix attribute set in config.json schema.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.groupGroup which runs the Mattermost service.
Type: string
Default: "mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.listenAddressAddress and port this Mattermost instance listens to.
Type: string
Default: ":8065"
Example: "[::1]:8065"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.localDatabaseCreateCreate a local PostgreSQL database for Mattermost automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.localDatabaseNameLocal Mattermost database name.
Type: string
Default: "mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.localDatabasePasswordPassword for local Mattermost database user.
Type: string
Default: "mmpgsecret"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.localDatabaseUserLocal Mattermost database username.
Type: string
Default: "mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.matterircd.enableWhether to enable Mattermost IRC bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.matterircd.packagematterircd derivation to use.
Type: package
Default: pkgs.matterircd
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.matterircd.parametersSet commandline parameters to pass to matterircd. See https://github.com/42wim/matterircd#usage for more information.
Type: list of string
Default: [ ]
Example:
[ "-mmserver chat.example.com" "-bind [::]:6667" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.mutableConfigWhether the Mattermost config.json is writeable by Mattermost.
Most of the settings can be edited in the system console of Mattermost if this option is enabled. A template config using the options specified in services.mattermost will be generated but won't be overwritten on changes or rebuilds.
If this option is disabled, changes in the system console won't be possible (default). If an config.json is present, it will be overwritten!
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.pluginsPlugins to add to the configuration. Overrides any installed if non-null. This is a list of paths to .tar.gz files or derivations evaluating to .tar.gz files.
Type: list of (path or package)
Default: [ ]
Example: "[ ./com.github.moussetc.mattermost.plugin.giphy-2.0.0.tar.gz ]"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.preferNixConfigIf both mutableConfig and this option are set, the Nix configuration will take precedence over any settings configured in the server console.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.siteNameName of this Mattermost site.
Type: string
Default: "Mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.siteUrlURL this Mattermost instance is reachable under, without trailing slash.
Type: string
Example: "https://chat.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.statePathMattermost working directory
Type: string
Default: "/var/lib/mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mattermost.userUser which runs the Mattermost service.
Type: string
Default: "mattermost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mattermost.nix>
|
services.mautrix-facebook.enableWhether to enable Mautrix-Facebook, a Matrix-Facebook hybrid puppeting/relaybot bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/mautrix-facebook.nix>
|
services.mautrix-facebook.configurePostgresqlEnable PostgreSQL and create a user and database for mautrix-facebook. The default settings reference this database, if you disable this option you must provide a database URL.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/mautrix-facebook.nix>
|
services.mautrix-facebook.environmentFileFile containing environment variables to be passed to the mautrix-telegram service.
Any config variable can be overridden by setting MAUTRIX_FACEBOOK_SOME_KEY to override the some.key variable.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/matrix/mautrix-facebook.nix>
|
services.mautrix-facebook.registrationDataOutput data for appservice registration. Simply make any desired changes and serialize to JSON. Note that this data contains secrets so think twice before putting it into the nix store.
Currently as_token and hs_token need to be added as they are not known to this module.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/mautrix-facebook.nix>
|
services.mautrix-facebook.settingsconfig.yaml configuration as a Nix attribute set.
Configuration options should match those described in
example-config.yaml.
Secret tokens should be specified using environmentFile
instead of this world-readable attribute set.
Type: JSON value
Default:
{
appservice = {
address = "http://localhost:29319";
bot_username = "facebookbot";
database = "postgresql://";
hostname = "localhost";
port = 29319;
};
bridge = {
encryption = {
allow = true;
default = true;
verification_levels = {
receive = "cross-signed-tofu";
send = "cross-signed-tofu";
share = "cross-signed-tofu";
};
};
username_template = "facebook_{userid}";
};
homeserver = {
address = "http://localhost:8008";
software = "standard";
};
logging = {
formatters = {
journal_fmt = {
format = "%(name)s: %(message)s";
};
};
handlers = {
journal = {
SYSLOG_IDENTIFIER = "mautrix-facebook";
class = "systemd.journal.JournalHandler";
formatter = "journal_fmt";
};
};
root = {
handlers = [
"journal"
];
level = "INFO";
};
version = 1;
};
manhole = {
enabled = false;
};
metrics = {
enabled = false;
};
}Example:
{
homeserver = {
address = "http://localhost:8008";
domain = "mydomain.example";
};
bridge.permissions = {
"@admin:mydomain.example" = "admin";
"mydomain.example" = "user";
};
}
Declared by:
<nixpkgs/nixos/modules/services/matrix/mautrix-facebook.nix>
|
services.mautrix-telegram.enableWhether to enable Mautrix-Telegram, a Matrix-Telegram hybrid puppeting/relaybot bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/mautrix-telegram.nix>
|
services.mautrix-telegram.environmentFileFile containing environment variables to be passed to the mautrix-telegram service,
in which secret tokens can be specified securely by defining values for e.g.
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN,
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN,
MAUTRIX_TELEGRAM_TELEGRAM_API_ID,
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH and optionally
MAUTRIX_TELEGRAM_TELEGRAM_BOT_TOKEN.
These environment variables can also be used to set other options by
replacing hierarchy levels by ., converting the name to uppercase
and prepending MAUTRIX_TELEGRAM_.
For example, the first value above maps to
settings.appservice.as_token.
The environment variable values can be prefixed with json:: to have
them be parsed as JSON. For example, login_shared_secret_map can be
set as follows:
MAUTRIX_TELEGRAM_BRIDGE_LOGIN_SHARED_SECRET_MAP=json::{"example.com":"secret"}.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/matrix/mautrix-telegram.nix>
|
services.mautrix-telegram.serviceDependenciesList of Systemd services to require and wait for when starting the application service.
Type: list of string
Default:
optional config.services.matrix-synapse.enable "matrix-synapse.service"
Declared by:
<nixpkgs/nixos/modules/services/matrix/mautrix-telegram.nix>
|
services.mautrix-telegram.settingsconfig.yaml configuration as a Nix attribute set.
Configuration options should match those described in
example-config.yaml.
Secret tokens should be specified using environmentFile
instead of this world-readable attribute set.
Type: JSON value
Default:
{
appservice = {
address = "http://localhost:8080";
database = "sqlite:////var/lib/mautrix-telegram/mautrix-telegram.db";
database_opts = { };
hostname = "0.0.0.0";
port = 8080;
};
bridge = {
double_puppet_server_map = { };
login_shared_secret_map = { };
permissions = {
"*" = "relaybot";
};
relaybot = {
whitelist = [ ];
};
};
homeserver = {
software = "standard";
};
logging = {
formatters = {
precise = {
format = "[%(levelname)s@%(name)s] %(message)s";
};
};
handlers = {
console = {
class = "logging.StreamHandler";
formatter = "precise";
};
};
loggers = {
aiohttp = {
level = "WARNING";
};
mau = {
level = "INFO";
};
telethon = {
level = "INFO";
};
};
root = {
handlers = [
"console"
];
level = "INFO";
};
version = 1;
};
}Example:
{
homeserver = {
address = "http://localhost:8008";
domain = "public-domain.tld";
};
appservice.public = {
prefix = "/public";
external = "https://public-appservice-address/public";
};
bridge.permissions = {
"example.com" = "full";
"@admin:example.com" = "admin";
};
}
Declared by:
<nixpkgs/nixos/modules/services/matrix/mautrix-telegram.nix>
|
services.mbpfan.enableWhether to enable mbpfan, fan controller daemon for Apple Macs and MacBooks.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mbpfan.packageThe package used for the mbpfan daemon.
Type: package
Default: pkgs.mbpfan
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mbpfan.settingsINI configuration for Mbpfan.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mbpfan.settings.general.high_tempIf temperature is above this, fan speed will gradually increase.
Type: signed integer
Default: 58
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mbpfan.settings.general.low_tempIf temperature is below this, fans will run at minimum speed.
Type: signed integer
Default: 55
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mbpfan.settings.general.max_tempIf temperature is above this, fans will run at maximum speed.
Type: signed integer
Default: 86
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mbpfan.settings.general.min_fan1_speedYou can check minimum and maximum fan limits with
cat /sys/devices/platform/applesmc.768/fan*_min and
cat /sys/devices/platform/applesmc.768/fan*_max respectively.
Setting to null implies using default value from applesmc.
Type: null or signed integer
Default: 2000
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mbpfan.settings.general.polling_intervalThe polling interval.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mbpfan.verboseIf true, sets the log level to verbose.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mbpfan.nix>
|
services.mediatomb.enableWhether to enable the Gerbera/Mediatomb DLNA server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.packageUnderlying package to be used with the module.
Type: package
Default: pkgs.gerbera
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.customCfgAllow the service to create and use its own config file inside the dataDir as
configured by services.mediatomb.dataDir.
Deactivated by default, the service then runs with the configuration generated from this module.
Otherwise, when enabled, no service configuration is generated. Gerbera/Mediatomb then starts using
config.xml within the configured dataDir. It's up to the user to make a correct
configuration file.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.dataDirThe directory where Gerbera/Mediatomb stores its state, data, etc.
Type: path
Default: "/var/lib/${config.services.mediatomb.package.pname}"
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.dsmSupportWhether to enable D-Link DSM 320 specific tweaks. WARNING: incompatible with ps3 support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.groupGroup account under which the service runs.
Type: string
Default: "mediatomb"
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.interfaceA specific interface to bind to.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.mediaDirectoriesDeclare media directories to index.
Type: list of (submodule)
Default: [ ]
Example:
[
{
hidden-files = false;
path = "/data/pictures";
recursive = false;
}
{
hidden-files = false;
path = "/data/audio";
recursive = true;
}
]Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.mediaDirectories.*.hidden-filesWhether to index the hidden files or not.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.mediaDirectories.*.pathAbsolute directory path to the media directory to index.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.mediaDirectories.*.recursiveWhether the indexation must take place recursively or not.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.openFirewallIf false (the default), this is up to the user to declare the firewall rules.
If true, this opens port 1900 (tcp and udp) and the port specified by
sercvices.mediatomb.port.
If the option services.mediatomb.interface is set,
the firewall rules opened are dedicated to that interface. Otherwise,
those rules are opened globally.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.pcDirectoryHideWhether to list the top-level directory or not (from upnp client standpoint).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.portThe network port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 49152
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.ps3SupportWhether to enable ps3 specific tweaks. WARNING: incompatible with DSM 320 support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.serverNameHow to identify the server on the network.
Type: string
Default: "Gerbera (Mediatomb)"
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.tg100SupportWhether to enable Telegent TG100 specific tweaks.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.transcodingWhether to enable transcoding.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.userUser account under which the service runs.
Type: string
Default: "mediatomb"
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediatomb.uuidA unique (on your network) to identify the server by.
Type: string
Default: "fdfc8a4e-a3ad-4c1d-b43d-a2eedb03a687"
Declared by:
<nixpkgs/nixos/modules/services/misc/mediatomb.nix>
|
services.mediawiki.enableWhether to enable MediaWiki.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.packageWhich MediaWiki package to use.
Type: package
Default: pkgs.mediawiki
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.database.createLocallyCreate the database and database user locally. This currently only applies if database type "mysql" is selected.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.database.hostDatabase host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.database.nameDatabase name.
Type: string
Default: "mediawiki"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.database.passwordFileA file containing the password corresponding to
database.user.
Type: null or path
Default: null
Example: "/run/keys/mediawiki-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.database.portDatabase host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.database.socketPath to the unix socket file to use for authentication.
Type: null or path
Default: /run/mysqld/mysqld.sock
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.database.tablePrefixIf you only have access to a single database and wish to install more than one version of MediaWiki, or have other applications that also use the database, you can give the table names a unique prefix to stop any naming conflicts or confusion. See https://www.mediawiki.org/wiki/Manual:$wgDBprefix.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.database.typeDatabase engine to use. MySQL/MariaDB is the database of choice by MediaWiki developers.
Type: one of "mysql", "postgres", "sqlite", "mssql", "oracle"
Default: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.database.userDatabase user.
Type: string
Default: "mediawiki"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.extensionsAttribute set of paths whose content is copied to the extensions
subdirectory of the MediaWiki installation and enabled in configuration.
Use null instead of path to enable extensions that are part of MediaWiki.
Type: attribute set of (null or path)
Default: { }
Example:
{
Matomo = pkgs.fetchzip {
url = "https://github.com/DaSchTour/matomo-mediawiki-extension/archive/v4.0.1.tar.gz";
sha256 = "0g5rd3zp0avwlmqagc59cg9bbkn3r7wx7p6yr80s644mj6dlvs1b";
};
ParserFunctions = null;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.extraConfigAny additional text to be appended to MediaWiki's LocalSettings.php configuration file. For configuration settings, see https://www.mediawiki.org/wiki/Manual:Configuration_settings.
Type: strings concatenated with "\n"
Default: ""
Example:
'' $wgEnableEmail = false; ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.nameName of the wiki.
Type: string
Default: "MediaWiki"
Example: "Foobar Wiki"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.passwordFileA file containing the initial password for the admin user.
Type: path
Example: "/run/keys/mediawiki-password"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.poolConfigOptions for the MediaWiki PHP pool. See the documentation on php-fpm.conf
for details on configuration directives.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.max_spare_servers" = 4;
"pm.min_spare_servers" = 2;
"pm.start_servers" = 2;
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.skinsAttribute set of paths whose content is copied to the skins
subdirectory of the MediaWiki installation in addition to the default skins.
Type: attribute set of path
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.uploadsDirThis directory is used for uploads of pictures. The directory passed here is automatically created and permissions adjusted as required.
Type: null or path
Default: "/var/lib/mediawiki/uploads"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHostApache configuration can be done by adapting services.httpd.virtualHosts.
See services.httpd.virtualHosts for further information.
Type: submodule
Example:
{
hostName = "mediawiki.example.org";
adminAddr = "webmaster@example.org";
forceSSL = true;
enableACME = true;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.enableACMEWhether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.enableUserDirWhether to enable serving ~/public_html as
/~«username».
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.acmeRootDirectory for the acme challenge which is PUBLIC, don't put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.addSSLWhether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.adminAddrE-mail address of the server administrator.
Type: null or string
Default: null
Example: "admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.documentRootThe path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.extraConfigThese lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Type: strings concatenated with "\n"
Default: ""
Example:
''
<Directory /home>
Options FollowSymlinks
AllowOverride All
</Directory>
''Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.forceSSLWhether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.globalRedirectIf set, all requests for this host are redirected permanently to the given URL.
Type: null or string
Default: null
Example: "http://newserver.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.hostNameCanonical hostname for the server.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.http2Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. However, if you use the prefork mpm, there will be severe restrictions. Refer to https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.listenListen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL.
If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of (submodule)
Default: [ ]
Example:
[
{
ip = "195.154.1.1";
port = 443;
ssl = true;
}
{
ip = "192.154.1.1";
port = 80;
}
{
ip = "*";
port = 8080;
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.listen.*.ipIP to listen on. 0.0.0.0 for IPv4 only, * for all.
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.listen.*.portPort to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.listen.*.sslWhether to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.listenAddressesListen addresses for this virtual host.
Compared to listen this only sets the addresses
and the ports are chosen automatically.
Type: non-empty (list of string)
Default:
[ "*" ]
Example:
[ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.locationsDeclarative location config. See https://httpd.apache.org/docs/2.4/mod/core.html#location for details.
Type: attribute set of (submodule)
Default: { }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
"/foo/bar.png" = {
alias = "/home/eelco/some-file.png";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.locations.<name>.aliasAlias directory for requests. See https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.locations.<name>.extraConfigThese lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.locations.<name>.indexAdds DirectoryIndex directive. See https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.locations.<name>.priorityOrder of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have
a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.locations.<name>.proxyPassSets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.logFormatLog format for Apache's log files. Possible values are: combined, common, referer, agent.
Type: string
Default: "common"
Example: "combined"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.onlySSLWhether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.robotsEntriesSpecification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.
Type: strings concatenated with "\n"
Default: ""
Example: "Disallow: /foo/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.servedDirsThis option provides a simple way to serve static directories.
Type: list of (attribute set)
Default: [ ]
Example:
[
{
dir = "/home/eelco/Dev/nix-homepage";
urlPath = "/nix";
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.servedFilesThis option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS. You can achieve the same result by making use of
the locations.<name>.alias option.
Type: list of (attribute set)
Default: [ ]
Example:
[
{
file = "/home/eelco/some-file.png";
urlPath = "/foo/bar.png";
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default: [ ]
Example:
[ "www.example.org" "www.example.org:8080" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.sslServerCertPath to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.sslServerChainPath to server SSL chain file.
Type: null or path
Default: null
Example: "/var/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.sslServerKeyPath to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.mediawiki.virtualHost.useACMEHostA host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/mediawiki.nix>
|
services.meilisearch.enableWhether to enable MeiliSearch - a RESTful search API.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
|
services.meilisearch.packageThe package to use for meilisearch. Use this if you require specific features to be enabled. The default package has no features.
Type: package
Default: pkgs.meilisearch
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
|
services.meilisearch.environmentDefines the running environment of MeiliSearch.
Type: one of "development", "production"
Default: "development"
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
|
services.meilisearch.listenAddressMeiliSearch listen address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
|
services.meilisearch.listenPortMeiliSearch port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7700
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
|
services.meilisearch.logLevelDefines how much detail should be present in MeiliSearch's logs. MeiliSearch currently supports four log levels, listed in order of increasing verbosity:
'ERROR': only log unexpected events indicating MeiliSearch is not functioning as expected
'WARN:' log all unexpected events, regardless of their severity
'INFO:' log all events. This is the default value
'DEBUG': log all events and including detailed information on MeiliSearch's internal processes. Useful when diagnosing issues and debugging
Type: string
Default: "INFO"
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
|
services.meilisearch.masterKeyEnvironmentFilePath to file which contains the master key. By doing so, all routes will be protected and will require a key to be accessed. If no master key is provided, all routes can be accessed without requiring any key. The format is the following: MEILI_MASTER_KEY=my_secret_key
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
|
services.meilisearch.maxIndexSizeSets the maximum size of the index. Value must be given in bytes or explicitly stating a base unit. For example, the default value can be written as 107374182400, '107.7Gb', or '107374 Mb'. Default is 100 GiB
Type: string
Default: "107374182400"
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
|
services.meilisearch.noAnalyticsDeactivates analytics. Analytics allow MeiliSearch to know how many users are using MeiliSearch, which versions and which platforms are used. This process is entirely anonymous.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
|
services.meilisearch.payloadSizeLimitSets the maximum size of accepted JSON payloads. Value must be given in bytes or explicitly stating a base unit. For example, the default value can be written as 107374182400, '107.7Gb', or '107374 Mb'. Default is ~ 100 MB
Type: string
Default: "104857600"
Declared by:
<nixpkgs/nixos/modules/services/search/meilisearch.nix>
|
services.memcached.enableWhether to enable Memcached.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.enableUnixSocketWhether to enable unix socket at /run/memcached/memcached.sock.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.extraOptionsA list of extra options that will be added as a suffix when running memcached.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.listenThe IP address to bind to.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.maxConnectionsThe maximum number of simultaneous connections.
Type: unsigned integer, meaning >=0
Default: 1024
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.maxMemoryThe maximum amount of memory to use for storage, in megabytes.
Type: unsigned integer, meaning >=0
Default: 64
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.portThe port to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 11211
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.memcached.userThe user to run Memcached as
Type: string
Default: "memcached"
Declared by:
<nixpkgs/nixos/modules/services/databases/memcached.nix>
|
services.merecat.enableWhether to enable Merecat HTTP server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/merecat.nix>
|
services.merecat.settingsMerecat configuration. Refer to merecat(8) for details on supported values.
Type: attribute set of (atom (null, bool, int, float or string))
Default: { }
Example:
{
directory = "/srv/www";
hostname = "localhost";
port = 8080;
virtual-host = true;
}Declared by:
<nixpkgs/nixos/modules/services/web-servers/merecat.nix>
|
services.meshcentral.enableWhether to enable MeshCentral computer management server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/admin/meshcentral.nix>
|
services.meshcentral.packageMeshCentral package to use. Replacing this may be necessary to add dependencies for extra functionality.
Type: package
Default: pkgs.meshcentral
Declared by:
<nixpkgs/nixos/modules/services/admin/meshcentral.nix>
|
services.meshcentral.settingsSettings for MeshCentral. Refer to upstream documentation for details:
Type: JSON value
Example:
{
domains = {
"" = {
certUrl = "https://meshcentral.example.com/";
};
};
settings = {
Cert = "meshcentral.example.com";
Port = 4430;
TlsOffload = "10.0.0.2,fd42::2";
WANonly = true;
};
}Declared by:
<nixpkgs/nixos/modules/services/admin/meshcentral.nix>
|
services.metabase.enableWhether to enable Metabase service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/metabase.nix>
|
services.metabase.listen.ipIP address that Metabase should listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/metabase.nix>
|
services.metabase.listen.portListen port for Metabase.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/misc/metabase.nix>
|
services.metabase.openFirewallOpen ports in the firewall for Metabase.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/metabase.nix>
|
services.metabase.ssl.enableWhether to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/metabase.nix>
|
services.metabase.ssl.keystoreJava KeyStore file containing the certificates.
Type: null or path
Default: "/var/lib/metabase/metabase.jks"
Example: "/etc/secrets/keystore.jks"
Declared by:
<nixpkgs/nixos/modules/services/misc/metabase.nix>
|
services.metabase.ssl.portListen port over SSL (https) for Metabase.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8443
Declared by:
<nixpkgs/nixos/modules/services/misc/metabase.nix>
|
services.metricbeat.enableWhether to enable metricbeat.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/metricbeat.nix>
|
services.metricbeat.packageThe metricbeat package to use
Type: package
Default: pkgs.metricbeat
Example: pkgs.metricbeat7
Declared by:
<nixpkgs/nixos/modules/services/monitoring/metricbeat.nix>
|
services.metricbeat.modulesMetricbeat modules are responsible for reading metrics from the various sources.
This is like services.metricbeat.settings.metricbeat.modules,
but structured as an attribute set. This has the benefit that multiple
NixOS modules can contribute settings to a single metricbeat module.
A module can be specified multiple times by choosing a different <name>
for each, but setting services.metricbeat.modules.<name>.module to the same value.
See https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-modules.html.
Type: attribute set of (YAML value)
Default: { }
Example:
{
system = {
core = {
metrics = [
"percentages"
];
};
cpu = {
metrics = [
"percentages"
"normalized_percentages"
];
};
enabled = true;
metricsets = [
"cpu"
"load"
"memory"
"network"
"process"
"process_summary"
"uptime"
"socket_summary"
];
period = "10s";
processes = [
".*"
];
};
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/metricbeat.nix>
|
services.metricbeat.modules.<name>.moduleThe name of the module.
Look for the value after module: on the individual
module pages linked from https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-modules.html.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/metricbeat.nix>
|
services.metricbeat.settingsConfiguration for metricbeat. See https://www.elastic.co/guide/en/beats/metricbeat/current/configuring-howto-metricbeat.html for supported values.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/metricbeat.nix>
|
services.metricbeat.settings.nameName of the beat. Defaults to the hostname. See https://www.elastic.co/guide/en/beats/metricbeat/current/configuration-general-options.html#_name.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/metricbeat.nix>
|
services.metricbeat.settings.tagsTags to place on the shipped metrics. See https://www.elastic.co/guide/en/beats/metricbeat/current/configuration-general-options.html#_tags_2.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/metricbeat.nix>
|
services.mighttpd2.enableWhether to enable Mighttpd2 web server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix>
|
services.mighttpd2.configVerbatim config file to use (see http://www.mew.org/~kazu/proj/mighttpd/en/config.html)
Type: strings concatenated with "\n"
Default: ""
Example:
'' # Example configuration for Mighttpd 2 Port: 80 # IP address or "*" Host: * Debug_Mode: Yes # Yes or No # If available, "nobody" is much more secure for User:. User: root # If available, "nobody" is much more secure for Group:. Group: root Pid_File: /run/mighty.pid Logging: Yes # Yes or No Log_File: /var/log/mighty # The directory must be writable by User: Log_File_Size: 16777216 # bytes Log_Backup_Number: 10 Index_File: index.html Index_Cgi: index.cgi Status_File_Dir: /usr/local/share/mighty/status Connection_Timeout: 30 # seconds Fd_Cache_Duration: 10 # seconds # Server_Name: Mighttpd/3.x.y Tls_Port: 443 Tls_Cert_File: cert.pem # should change this with an absolute path # should change this with comma-separated absolute paths Tls_Chain_Files: chain.pem # Currently, Tls_Key_File must not be encrypted. Tls_Key_File: privkey.pem # should change this with an absolute path Service: 0 # 0 is HTTP only, 1 is HTTPS only, 2 is both ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix>
|
services.mighttpd2.coresHow many cores to use. If null it will be determined automatically
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix>
|
services.mighttpd2.routingVerbatim routing file to use (see http://www.mew.org/~kazu/proj/mighttpd/en/config.html)
Type: strings concatenated with "\n"
Default: ""
Example:
'' # Example routing for Mighttpd 2 # Domain lists [localhost www.example.com] # Entries are looked up in the specified order # All paths must end with "/" # A path to CGI scripts should be specified with "=>" /~alice/cgi-bin/ => /home/alice/public_html/cgi-bin/ # A path to static files should be specified with "->" /~alice/ -> /home/alice/public_html/ /cgi-bin/ => /export/cgi-bin/ # Reverse proxy rules should be specified with ">>" # /path >> host:port/path2 # Either "host" or ":port" can be committed, but not both. /app/cal/ >> example.net/calendar/ # Yesod app in the same server /app/wiki/ >> 127.0.0.1:3000/ / -> /export/www/ ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/mighttpd2.nix>
|
services.mimir.enableWhether to enable mimir.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mimir.nix>
|
services.mimir.configFileSpecify a configuration file that Mimir should use.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mimir.nix>
|
services.mimir.configurationSpecify the configuration for Mimir in Nix.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/mimir.nix>
|
services.minecraft-server.enableIf enabled, start a Minecraft Server. The server
data will be loaded from and saved to
services.minecraft-server.dataDir.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
|
services.minecraft-server.packageVersion of minecraft-server to run.
Type: package
Default: pkgs.minecraft-server
Example: pkgs.minecraft-server_1_12_2
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
|
services.minecraft-server.dataDirDirectory to store Minecraft database and other state/data files.
Type: path
Default: "/var/lib/minecraft"
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
|
services.minecraft-server.declarativeWhether to use a declarative Minecraft server configuration.
Only if set to true, the options
services.minecraft-server.whitelist and
services.minecraft-server.serverProperties will be
applied.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
|
services.minecraft-server.eulaWhether you agree to
Mojangs EULA. This option must be set to
true to run Minecraft server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
|
services.minecraft-server.jvmOptsJVM options for the Minecraft server.
Type: strings concatenated with " "
Default: "-Xmx2048M -Xms2048M"
Example: "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:+CMSIncrementalPacing -XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10"
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
|
services.minecraft-server.openFirewallWhether to open ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
|
services.minecraft-server.serverPropertiesMinecraft server properties for the server.properties file. Only has
an effect when services.minecraft-server.declarative
is set to true. See
https://minecraft.gamepedia.com/Server.properties#Java_Edition_3
for documentation on these values.
Type: attribute set of (boolean or signed integer or string)
Default: { }
Example:
{
server-port = 43000;
difficulty = 3;
gamemode = 1;
max-players = 5;
motd = "NixOS Minecraft server!";
white-list = true;
enable-rcon = true;
"rcon.password" = "hunter2";
}
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
|
services.minecraft-server.whitelistWhitelisted players, only has an effect when
services.minecraft-server.declarative is
true and the whitelist is enabled
via services.minecraft-server.serverProperties by
setting white-list to true.
This is a mapping from Minecraft usernames to UUIDs.
You can use https://mcuuid.net/ to get a
Minecraft UUID for a username.
Type: attribute set of Minecraft UUID
Default: { }
Example:
{
username1 = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
username2 = "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy";
};
Declared by:
<nixpkgs/nixos/modules/services/games/minecraft-server.nix>
|
services.minetest-server.enableIf enabled, starts a Minetest Server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
|
services.minetest-server.configPathPath to the config to use.
If set to null, the config of the running user will be used:
~/.minetest/minetest.conf.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
|
services.minetest-server.gameIdId of the game to use. To list available games run
minetestserver --gameid list.
If only one game exists, this option can be null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
|
services.minetest-server.logPathPath to logfile for logging.
If set to null, logging will be output to stdout which means all output will be caught by systemd.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
|
services.minetest-server.portPort number to bind to.
If set to null, the default 30000 will be used.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
|
services.minetest-server.worldName of the world to use. To list available worlds run
minetestserver --world list.
If only one world exists, this option can be null.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/minetest-server.nix>
|
services.minidlna.enableWhether to enable MiniDLNA, a simple DLNA server.
It serves media files such as video and music to DLNA client devices
such as televisions and media players. If you use the firewall consider
adding the following: services.minidlna.openFirewall = true;
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minidlna.openFirewallWhether to open both HTTP (TCP) and SSDP (UDP) ports in the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minidlna.settingsThe contents of MiniDLNA's configuration file. When the service is activated, a basic template is generated from the current options opened here.
Type: attribute set of (atom (null, bool, int, float or string) or a list of them for duplicate keys)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minidlna.settings.enable_tivoSupport for streaming .jpg and .mp3 files to a TiVo supporting HMO.
Type: one of "yes", "no"
Default: "no"
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minidlna.settings.db_dirSpecify the directory where you want MiniDLNA to store its database and album art cache.
Type: path
Default: "/var/cache/minidlna"
Example: "/tmp/minidlna"
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minidlna.settings.friendly_nameName that the DLNA server presents to clients.
Type: string
Default: config.networking.hostName
Example: "rpi3"
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minidlna.settings.inotifyWhether to enable inotify monitoring to automatically discover new files.
Type: one of "yes", "no"
Default: "no"
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minidlna.settings.log_levelDefines the type of messages that should be logged and down to which level of importance.
Type: string
Default: "warn"
Example: "general,artwork,database,inotify,scanner,metadata,http,ssdp,tivo=warn"
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minidlna.settings.media_dirDirectories to be scanned for media files.
The A, V, P, prefixes restrict a directory to audio, video or image files.
The directories must be accessible to the minidlna user account.
Type: list of string
Default: [ ]
Example:
[ "/data/media" "V,/home/alice/video" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minidlna.settings.notify_intervalThe interval between announces (in seconds).
Instead of waiting for announces, you should set openFirewall option to use SSDP discovery.
Furthermore, this option has been set to 90000 in order to prevent disconnects with certain
clients and relies solely on the discovery.
Lower values (e.g. 30 seconds) should be used if you can't use the discovery. Some relevant information can be found here: https://sourceforge.net/p/minidlna/discussion/879957/thread/1389d197/
Type: signed integer
Default: 90000
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minidlna.settings.portPort number for HTTP traffic (descriptions, SOAP, media transfer).
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8200
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minidlna.settings.root_containerUse a different container as the root of the directory tree presented to clients.
Type: string
Default: "."
Example: "B"
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.minidlna.settings.wide_linksSet this to yes to allow symlinks that point outside user-defined media_dir.
Type: one of "yes", "no"
Default: "no"
Declared by:
<nixpkgs/nixos/modules/services/networking/minidlna.nix>
|
services.miniflux.enableWhether to enable miniflux and creates a local postgres database for it.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/miniflux.nix>
|
services.miniflux.packageMiniflux package to use.
Type: package
Default: pkgs.miniflux
Declared by:
<nixpkgs/nixos/modules/services/web-apps/miniflux.nix>
|
services.miniflux.adminCredentialsFileFile containing the ADMIN_USERNAME and ADMIN_PASSWORD (length >= 6) in the format of an EnvironmentFile=, as described by systemd.exec(5).
Type: path
Example: "/etc/nixos/miniflux-admin-credentials"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/miniflux.nix>
|
services.miniflux.configConfiguration for Miniflux, refer to https://miniflux.app/docs/configuration.html for documentation on the supported values.
Correct configuration for the database is already provided. By default, listens on localhost:8080.
Type: attribute set of string
Example:
{
CLEANUP_FREQUENCY = "48";
LISTEN_ADDR = "localhost:8080";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/miniflux.nix>
|
services.minio.enableWhether to enable Minio Object Storage.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.packageMinio package to use.
Type: package
Default: pkgs.minio
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.accessKeyAccess key of 5 to 20 characters in length that clients use to access the server.
This overrides the access key that is generated by minio on first startup and stored inside the
configDir directory.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.browserEnable or disable access to web UI.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.configDirThe config directory, for the access keys and other settings.
Type: path
Default: "/var/lib/minio/config"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.consoleAddressIP address and port of the web UI (console).
Type: string
Default: ":9001"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.dataDirThe list of data directories for storing the objects. Use one path for regular operation and the minimum of 4 endpoints for Erasure Code mode.
Type: list of path
Default:
[ "/var/lib/minio/data" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.listenAddressIP address and port of the server.
Type: string
Default: ":9000"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.regionThe physical location of the server. By default it is set to us-east-1, which is same as AWS S3's and Minio's default region.
Type: string
Default: "us-east-1"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.rootCredentialsFileFile containing the MINIO_ROOT_USER, default is "minioadmin", and MINIO_ROOT_PASSWORD (length >= 8), default is "minioadmin"; in the format of an EnvironmentFile=, as described by systemd.exec(5).
Type: null or path
Default: null
Example: "/etc/nixos/minio-root-credentials"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.minio.secretKeySpecify the Secret key of 8 to 40 characters in length that clients use to access the server.
This overrides the secret key that is generated by minio on first startup and stored inside the
configDir directory.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/minio.nix>
|
services.miniupnpd.enableWhether to enable MiniUPnP daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
|
services.miniupnpd.appendConfigConfiguration lines appended to the MiniUPnP config.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
|
services.miniupnpd.externalInterfaceName of the external interface.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
|
services.miniupnpd.internalIPsThe IP address ranges to listen on.
Type: list of string
Example:
[ "192.168.1.1/24" "enp1s0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
|
services.miniupnpd.natpmpWhether to enable NAT-PMP support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
|
services.miniupnpd.upnpWhether to enable UPNP support.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/miniupnpd.nix>
|
services.mirakurun.enableWhether to enable the Mirakurun DVR Tuner Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/video/mirakurun.nix>
|
services.mirakurun.allowSmartCardAccessInstall polkit rules to allow Mirakurun to access smart card readers which is commonly used along with tuner devices.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/video/mirakurun.nix>
|
services.mirakurun.channelSettingsOptions which are added to channels.yml. If none is specified, it will automatically be generated at runtime.
Documentation: https://github.com/Chinachu/Mirakurun/blob/master/doc/Configuration.md
Type: null or YAML value
Default: null
Example:
[
{
name = "channel";
types = "GR";
channel = "0";
}
];
Declared by:
<nixpkgs/nixos/modules/services/video/mirakurun.nix>
|
services.mirakurun.openFirewallOpen ports in the firewall for Mirakurun.
Exposing Mirakurun to the open internet is generally advised against. Only use it inside a trusted local network, or consider putting it behind a VPN if you want remote access.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/video/mirakurun.nix>
|
services.mirakurun.portPort to listen on. If null, it won't listen on
any port.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 40772
Declared by:
<nixpkgs/nixos/modules/services/video/mirakurun.nix>
|
services.mirakurun.serverSettingsOptions for server.yml.
Documentation: https://github.com/Chinachu/Mirakurun/blob/master/doc/Configuration.md
Type: YAML value
Default: { }
Example:
{
highWaterMark = 25165824;
overflowTimeLimit = 30000;
};
Declared by:
<nixpkgs/nixos/modules/services/video/mirakurun.nix>
|
services.mirakurun.tunerSettingsOptions which are added to tuners.yml. If none is specified, it will automatically be generated at runtime.
Documentation: https://github.com/Chinachu/Mirakurun/blob/master/doc/Configuration.md
Type: null or YAML value
Default: null
Example:
[
{
name = "tuner-name";
types = [ "GR" "BS" "CS" "SKY" ];
dvbDevicePath = "/dev/dvb/adapterX/dvrX";
}
];
Declared by:
<nixpkgs/nixos/modules/services/video/mirakurun.nix>
|
services.mirakurun.unixSocketPath to unix socket to listen on. If null, it
won't listen on any unix sockets.
Type: null or path
Default: "/var/run/mirakurun/mirakurun.sock"
Declared by:
<nixpkgs/nixos/modules/services/video/mirakurun.nix>
|
services.miredo.enableWhether to enable the Miredo IPv6 tunneling service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
|
services.miredo.packageThe package to use for the miredo daemon's binary.
Type: package
Default: pkgs.miredo
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
|
services.miredo.bindAddressDepending on the local firewall/NAT rules, you might need to force Miredo to use a fixed UDP port and or IPv4 address.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
|
services.miredo.bindPortDepending on the local firewall/NAT rules, you might need to force Miredo to use a fixed UDP port and or IPv4 address.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
|
services.miredo.interfaceNameName of the network tunneling interface.
Type: string
Default: "teredo"
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
|
services.miredo.serverAddressThe hostname or primary IPv4 address of the Teredo server. This setting is required if Miredo runs as a Teredo client. "teredo.remlab.net" is an experimental service for testing only. Please use another server for production and/or large scale deployments.
Type: string
Default: "teredo.remlab.net"
Declared by:
<nixpkgs/nixos/modules/services/networking/miredo.nix>
|
services.mjolnir.enableWhether to enable Mjolnir, a moderation tool for Matrix.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.accessTokenFileFile containing the matrix access token for the mjolnir user.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.dataPathThe directory the bot should store various bits of information in.
Type: path
Default: "/var/lib/mjolnir"
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.homeserverUrlWhere the homeserver is located (client-server URL).
If pantalaimon.enable is true, this option will become the homeserver to which pantalaimon connects.
The listen address of pantalaimon will then become the homeserverUrl of mjolnir.
Type: string
Default: "https://matrix.org"
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.managementRoomThe room ID where people can use the bot. The bot has no access controls, so
anyone in this room can use the bot - secure your room!
This should be a room alias or room ID - not a matrix.to URL.
Note: mjolnir is fairly verbose - expect a lot of messages from it.
Type: string
Default: "#moderators:example.org"
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.pantalaimonpantalaimon options (enables E2E Encryption support).
This will create a pantalaimon instance with the name "mjolnir".
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.pantalaimon.enableWhether to enable If true, accessToken is ignored and the username/password below will be used instead. The access token of the bot will be stored in the dataPath. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.pantalaimon.optionspassthrough additional options to the pantalaimon service.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.pantalaimon.options.dataPathThe directory where pantalaimon should store its state such as the database file.
Type: path
Default: "/var/lib/pantalaimon-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.pantalaimon.options.extraSettingsExtra configuration options. See pantalaimon(5) for available options.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.pantalaimon.options.homeserverThe URI of the homeserver that the pantalaimon proxy should
forward requests to, without the matrix API path but including
the http(s) schema.
Type: string
Example: "https://matrix.org"
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.pantalaimon.options.listenAddressThe address where the daemon will listen to client connections for this homeserver.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.pantalaimon.options.listenPortThe port where the daemon will listen to client connections for this homeserver. Note that the listen address/port combination needs to be unique between different homeservers.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8009
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.pantalaimon.options.logLevelSet the log level of the daemon.
Type: one of "info", "warning", "error", "debug"
Default: "warning"
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.pantalaimon.options.sslWhether or not SSL verification should be enabled for outgoing connections to the homeserver.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.pantalaimon.passwordFileFile containing the matrix password for the mjolnir user.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.pantalaimon.usernameThe username to login with.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.protectedRoomsA list of rooms to protect (matrix.to URLs).
Type: list of string
Default: [ ]
Example:
[ "https://matrix.to/#/#yourroom:example.org" "https://matrix.to/#/#anotherroom:example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjolnir.settingsAdditional settings (see mjolnir default config for available settings). These settings will override settings made by the module config.
Type: YAML value
Default: { }
Example:
{
autojoinOnlyIfManager = true;
automaticallyRedactForReasons = [ "spam" "advertising" ];
}
Declared by:
<nixpkgs/nixos/modules/services/matrix/mjolnir.nix>
|
services.mjpg-streamer.enableWhether to enable mjpg-streamer webcam streamer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix>
|
services.mjpg-streamer.groupmjpg-streamer group name.
Type: string
Default: "video"
Declared by:
<nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix>
|
services.mjpg-streamer.inputPluginInput plugin. See plugins documentation for more information.
Type: string
Default: "input_uvc.so"
Declared by:
<nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix>
|
services.mjpg-streamer.outputPluginOutput plugin. @www@ is substituted for default mjpg-streamer www directory.
See plugins documentation for more information.
Type: string
Default: "output_http.so -w @www@ -n -p 5050"
Declared by:
<nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix>
|
services.mjpg-streamer.usermjpg-streamer user name.
Type: string
Default: "mjpg-streamer"
Declared by:
<nixpkgs/nixos/modules/services/networking/mjpg-streamer.nix>
|
services.mlmmj.enableEnable mlmmj
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
|
services.mlmmj.groupmailinglist local group
Type: string
Default: "mlmmj"
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
|
services.mlmmj.listDomainSet the mailing list domain
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
|
services.mlmmj.mailListsThe collection of hosted maillists
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
|
services.mlmmj.maintIntervalTime interval between mlmmj-maintd runs, see systemd.time(7) for format information.
Type: string
Default: "20min"
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
|
services.mlmmj.usermailinglist local user
Type: string
Default: "mlmmj"
Declared by:
<nixpkgs/nixos/modules/services/mail/mlmmj.nix>
|
services.mmsd.enableWhether to enable Multimedia Messaging Service Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mmsd.nix>
|
services.mmsd.extraArgsExtra arguments passed to mmsd-tng
Type: list of string
Default: [ ]
Example:
[ "--debug" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mmsd.nix>
|
services.molly-brown.enableWhether to enable Molly-Brown Gemini server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/molly-brown.nix>
|
services.molly-brown.certPathPath to TLS certificate. An ACME certificate and key may be shared with an HTTP server, but only if molly-brown has permissions allowing it to read such keys.
As an example:
systemd.services.molly-brown.serviceConfig.SupplementaryGroups = [ config.security.acme.certs."example.com".group ];
Type: path
Example: "/var/lib/acme/example.com/cert.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/molly-brown.nix>
|
services.molly-brown.docBaseBase directory for Gemini content.
Type: path
Example: "/var/lib/molly-brown"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/molly-brown.nix>
|
services.molly-brown.hostNameThe hostname to respond to requests for. Requests for URLs with other hosts will result in a status 53 (PROXY REQUEST REFUSED) response.
Type: string
Default: config.networking.hostName
Declared by:
<nixpkgs/nixos/modules/services/web-servers/molly-brown.nix>
|
services.molly-brown.keyPathPath to TLS key. See CertPath.
Type: path
Example: "/var/lib/acme/example.com/key.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/molly-brown.nix>
|
services.molly-brown.portTCP port for molly-brown to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1965
Declared by:
<nixpkgs/nixos/modules/services/web-servers/molly-brown.nix>
|
services.molly-brown.settingsmolly-brown configuration. Refer to https://tildegit.org/solderpunk/molly-brown/src/branch/master/example.conf for details on supported values.
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/molly-brown.nix>
|
services.monero.enableWhether to enable Monero node daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.dataDirThe directory where Monero stores its data files.
Type: string
Default: "/var/lib/monero"
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.exclusiveNodesList of peer IP addresses to connect to only. If given the other peer options will be ignored.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.extraConfigExtra lines to be added verbatim to monerod configuration.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.extraNodesList of additional peer IP addresses to add to the local list.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.limits.downloadLimit of the download rate in kB/s.
Set to -1 to leave unlimited.
Type: signed integer
Default: -1
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.limits.syncSizeMaximum number of blocks to sync at once.
Set to 0 for adaptive.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.limits.threadsMaximum number of threads used for a parallel job.
Set to 0 to leave unlimited.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.limits.uploadLimit of the upload rate in kB/s.
Set to -1 to leave unlimited.
Type: signed integer
Default: -1
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.mining.enableWhether to mine monero.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.mining.addressMonero address where to send mining rewards.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.mining.threadsNumber of threads used for mining.
Set to 0 to use all available.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.priorityNodesList of peer IP addresses to connect to and attempt to keep the connection open.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.rpc.addressIP address the RPC server will bind to.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.rpc.passwordPassword for RPC connections.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.rpc.portPort the RPC server will bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 18081
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.rpc.restrictedWhether to restrict RPC to view only commands.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monero.rpc.userUser name for RPC connections.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/monero.nix>
|
services.monetdb.enableWhether to enable the MonetDB database server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.monetdb.packageMonetDB package to use.
Type: package
Default: pkgs.monetdb
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.monetdb.dataDirData directory for the dbfarm.
Type: path
Default: "/var/lib/monetdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.monetdb.groupGroup under which MonetDB runs.
Type: string
Default: "monetdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.monetdb.listenAddressAddress to listen on.
Type: string
Default: "127.0.0.1"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.monetdb.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 50000
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.monetdb.userUser account under which MonetDB runs.
Type: string
Default: "monetdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/monetdb.nix>
|
services.mongodb.enableWhether to enable the MongoDB server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.enableAuthEnable client authentication. Creates a default superuser with username root!
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.packageWhich MongoDB derivation to use.
Type: package
Default: pkgs.mongodb
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.bind_ipIP to bind to
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.dbpathLocation where MongoDB stores its files
Type: string
Default: "/var/db/mongodb"
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.extraConfigMongoDB extra configuration in YAML format
Type: strings concatenated with "\n"
Default: ""
Example:
'' storage.journal.enabled: false ''
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.initialRootPasswordPassword for the root user if auth is enabled.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.initialScriptA file containing MongoDB statements to execute on first startup.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.pidFileLocation of MongoDB pid file
Type: string
Default: "/run/mongodb.pid"
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.quietquieter output
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.replSetNameIf this instance is part of a replica set, set its name here. Otherwise, leave empty to run as single node.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.mongodb.userUser account under which MongoDB runs
Type: string
Default: "mongodb"
Declared by:
<nixpkgs/nixos/modules/services/databases/mongodb.nix>
|
services.monit.enableWhether to enable Monit.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/monit.nix>
|
services.monit.configmonitrc content
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/monit.nix>
|
services.moodle.enableWhether to enable Moodle web application.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.packageThe Moodle package to use.
Type: package
Default: pkgs.moodle
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.database.createLocallyCreate the database and database user locally.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.database.hostDatabase host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.database.nameDatabase name.
Type: string
Default: "moodle"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.database.passwordFileA file containing the password corresponding to
database.user.
Type: null or path
Default: null
Example: "/run/keys/moodle-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.database.portDatabase host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.database.socketPath to the unix socket file to use for authentication.
Type: null or path
Default: /run/mysqld/mysqld.sock
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.database.typeDatabase engine to use.
Type: one of "mysql", "pgsql"
Default: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.database.userDatabase user.
Type: string
Default: "moodle"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.extraConfigAny additional text to be appended to the config.php configuration file. This is a PHP script. For configuration details, see https://docs.moodle.org/37/en/Configuration_file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' $CFG->disableupdatenotifications = true; ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.initialPasswordSpecifies the initial password for the admin, i.e. the password assigned if the user does not already exist. The password specified here is world-readable in the Nix store, so it should be changed promptly.
Type: string
Example: "correcthorsebatterystaple"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.poolConfigOptions for the Moodle PHP pool. See the documentation on php-fpm.conf
for details on configuration directives.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.max_spare_servers" = 4;
"pm.min_spare_servers" = 2;
"pm.start_servers" = 2;
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHostApache configuration can be done by adapting services.httpd.virtualHosts.
See services.httpd.virtualHosts for further information.
Type: submodule
Example:
{
hostName = "moodle.example.org";
adminAddr = "webmaster@example.org";
forceSSL = true;
enableACME = true;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.enableACMEWhether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.enableUserDirWhether to enable serving ~/public_html as
/~«username».
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.acmeRootDirectory for the acme challenge which is PUBLIC, don't put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.addSSLWhether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.adminAddrE-mail address of the server administrator.
Type: null or string
Default: null
Example: "admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.documentRootThe path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.extraConfigThese lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Type: strings concatenated with "\n"
Default: ""
Example:
''
<Directory /home>
Options FollowSymlinks
AllowOverride All
</Directory>
''Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.forceSSLWhether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.globalRedirectIf set, all requests for this host are redirected permanently to the given URL.
Type: null or string
Default: null
Example: "http://newserver.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.hostNameCanonical hostname for the server.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.http2Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. However, if you use the prefork mpm, there will be severe restrictions. Refer to https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.listenListen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL.
If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of (submodule)
Default: [ ]
Example:
[
{
ip = "195.154.1.1";
port = 443;
ssl = true;
}
{
ip = "192.154.1.1";
port = 80;
}
{
ip = "*";
port = 8080;
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.listen.*.ipIP to listen on. 0.0.0.0 for IPv4 only, * for all.
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.listen.*.portPort to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.listen.*.sslWhether to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.listenAddressesListen addresses for this virtual host.
Compared to listen this only sets the addresses
and the ports are chosen automatically.
Type: non-empty (list of string)
Default:
[ "*" ]
Example:
[ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.locationsDeclarative location config. See https://httpd.apache.org/docs/2.4/mod/core.html#location for details.
Type: attribute set of (submodule)
Default: { }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
"/foo/bar.png" = {
alias = "/home/eelco/some-file.png";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.locations.<name>.aliasAlias directory for requests. See https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.locations.<name>.extraConfigThese lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.locations.<name>.indexAdds DirectoryIndex directive. See https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.locations.<name>.priorityOrder of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have
a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.locations.<name>.proxyPassSets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.logFormatLog format for Apache's log files. Possible values are: combined, common, referer, agent.
Type: string
Default: "common"
Example: "combined"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.onlySSLWhether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.robotsEntriesSpecification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.
Type: strings concatenated with "\n"
Default: ""
Example: "Disallow: /foo/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.servedDirsThis option provides a simple way to serve static directories.
Type: list of (attribute set)
Default: [ ]
Example:
[
{
dir = "/home/eelco/Dev/nix-homepage";
urlPath = "/nix";
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.servedFilesThis option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS. You can achieve the same result by making use of
the locations.<name>.alias option.
Type: list of (attribute set)
Default: [ ]
Example:
[
{
file = "/home/eelco/some-file.png";
urlPath = "/foo/bar.png";
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default: [ ]
Example:
[ "www.example.org" "www.example.org:8080" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.sslServerCertPath to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.sslServerChainPath to server SSL chain file.
Type: null or path
Default: null
Example: "/var/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.sslServerKeyPath to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moodle.virtualHost.useACMEHostA host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/moodle.nix>
|
services.moonraker.enableWhether to enable Moonraker, an API web server for Klipper.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
|
services.moonraker.addressThe IP or host to listen on.
Type: string
Default: "127.0.0.1"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
|
services.moonraker.allowSystemControlWhether to allow Moonraker to perform system-level operations.
Moonraker exposes APIs to perform system-level operations, such as reboot, shutdown, and management of systemd units. See the documentation for details on what clients are able to do.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
|
services.moonraker.configDirThe directory containing client-writable configuration files.
Clients will be able to edit files in this directory via the API. This directory must be writable.
Type: path
Default: config.services.moonraker.stateDir + "/config"
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
|
services.moonraker.groupGroup account under which Moonraker runs.
Type: string
Default: "moonraker"
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
|
services.moonraker.klipperSocketPath to Klipper's API socket.
Type: path
Default: config.services.klipper.apiSocket
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
|
services.moonraker.portThe port to listen on.
Type: unsigned integer, meaning >=0
Default: 7125
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
|
services.moonraker.settingsConfiguration for Moonraker. See the documentation for supported values.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string) or a non-empty list of them)
Default: { }
Example:
{
authorization = {
cors_domains = [
"https://app.fluidd.xyz"
];
trusted_clients = [
"10.0.0.0/24"
];
};
}Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
|
services.moonraker.stateDirThe directory containing the Moonraker databases.
Type: path
Default: "/var/lib/moonraker"
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
|
services.moonraker.userUser account under which Moonraker runs.
Type: string
Default: "moonraker"
Declared by:
<nixpkgs/nixos/modules/services/misc/moonraker.nix>
|
services.moosefs.chunkserver.enableWhether to enable Moosefs chunkserver daemon..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix>
|
services.moosefs.chunkserver.hddsMount points to be used by chunkserver for storage (see mfshdd.cfg).
Type: list of string
Default: null
Example:
[ "/mnt/hdd1" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix>
|
services.moosefs.chunkserver.openFirewallWhether to automatically open the necessary ports in the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix>
|
services.moosefs.chunkserver.settingsContents of chunkserver config file (mfschunkserver.cfg).
Type: attribute set of (Flat key-value file)
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix>
|
services.moosefs.chunkserver.settings.DATA_PATHDirectory for lock file.
Type: string
Default: "/var/lib/mfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix>
|
services.moosefs.client.enableWhether to enable Moosefs client..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix>
|
services.moosefs.master.enableEnable Moosefs master daemon.
You need to run mfsmaster-init on a freshly installed master server to
initialize the DATA_PATH directory.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix>
|
services.moosefs.master.exportsPaths to export (see mfsexports.cfg).
Type: list of string
Default: null
Example:
[ "* / rw,alldirs,admin,maproot=0:0" "* . rw" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix>
|
services.moosefs.master.openFirewallWhether to automatically open the necessary ports in the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix>
|
services.moosefs.master.settingsContents of config file (mfsmaster.cfg).
Type: attribute set of (Flat key-value file)
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix>
|
services.moosefs.master.settings.DATA_PATHData storage directory.
Type: string
Default: "/var/lib/mfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix>
|
services.moosefs.masterHostIP or DNS name of master host.
Type: string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix>
|
services.moosefs.metalogger.enableWhether to enable Moosefs metalogger daemon..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix>
|
services.moosefs.metalogger.settingsContents of metalogger config file (mfsmetalogger.cfg).
Type: attribute set of (Flat key-value file)
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix>
|
services.moosefs.metalogger.settings.DATA_PATHData storage directory
Type: string
Default: "/var/lib/mfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix>
|
services.moosefs.runAsUserRun daemons as user moosefs instead of root.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/moosefs.nix>
|
services.mopidy.enableWhether to enable Mopidy, a music player daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/mopidy.nix>
|
services.mopidy.configurationThe configuration that Mopidy should use.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/audio/mopidy.nix>
|
services.mopidy.dataDirThe directory where Mopidy stores its state.
Type: string
Default: "/var/lib/mopidy"
Declared by:
<nixpkgs/nixos/modules/services/audio/mopidy.nix>
|
services.mopidy.extensionPackagesMopidy extensions that should be loaded by the service.
Type: list of package
Default: [ ]
Example: [ pkgs.mopidy-spotify ]
Declared by:
<nixpkgs/nixos/modules/services/audio/mopidy.nix>
|
services.mopidy.extraConfigFilesExtra config file read by Mopidy when the service starts. Later files in the list overrides earlier configuration.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/audio/mopidy.nix>
|
services.morty.enableWhether to enable Morty proxy server. See https://github.com/asciimoo/morty.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
|
services.morty.packagemorty package to use.
Type: package
Default: pkgs.morty
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
|
services.morty.ipv6Allow IPv6 HTTP requests?
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
|
services.morty.keyHMAC url validation key (hexadecimal encoded).
Leave blank to disable. Without validation key, anyone can
submit proxy requests. Leave blank to disable.
Generate with printf %s somevalue | openssl dgst -sha1 -hmac somekey
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
|
services.morty.listenAddressThe address on which the service listens
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
|
services.morty.portListing port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
|
services.morty.timeoutRequest timeout in seconds.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/networking/morty.nix>
|
services.mosquitto.enableWhether to enable the MQTT Mosquitto broker.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.packageMosquitto package to use.
Type: package
Default: pkgs.mosquitto
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.bridgesBridges to build to other MQTT brokers.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.bridges.<name>.addressesRemote endpoints for the bridge.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.bridges.<name>.addresses.*.addressAddress of the remote MQTT broker.
Type: single-line string
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.bridges.<name>.addresses.*.portPort of the remote MQTT broker.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1883
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.bridges.<name>.settingsAdditional settings for this bridge.
Type: attribute set of (string, path, bool, or integer)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.bridges.<name>.topicsTopic patterns to be shared between the two brokers. Refer to the mosquitto.conf documentation for details on the format.
Type: list of single-line string
Default: [ ]
Example:
[ "# both 2 local/topic/ remote/topic/" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.dataDirThe data directory.
Type: path
Default: "/var/lib/mosquitto"
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.includeDirsDirectories to be scanned for further config files to include.
Directories will processed in the order given,
*.conf files in the directory will be
read in case-sensitive alphabetical order.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.listenersListeners to configure on this broker.
Type: list of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.listeners.*.aclAdditional ACL items to prepend to the generated ACL file.
Type: list of single-line string
Default: [ ]
Example:
[ "pattern read #" "topic readwrite anon/report/#" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.listeners.*.addressAddress to listen on. Listen on 0.0.0.0/::
when unset.
Type: null or single-line string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.listeners.*.authPluginsAuthentication plugin to attach to this listener. Refer to the mosquitto.conf documentation for details on authentication plugins.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.listeners.*.authPlugins.*.denySpecialCharsAutomatically disallow all clients using #
or + in their name/id.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.listeners.*.authPlugins.*.optionsOptions for the auth plugin. Each key turns into a auth_opt_*
line in the config.
Type: attribute set of (string, path, bool, or integer)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.listeners.*.authPlugins.*.pluginPlugin path to load, should be a .so file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.listeners.*.omitPasswordAuthOmits password checking, allowing anyone to log in with any user name unless other mandatory authentication methods (eg TLS client certificates) are configured.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.listeners.*.portPort to listen on. Must be set to 0 to listen on a unix domain socket.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1883
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.listeners.*.settingsAdditional settings for this listener.
Type: attribute set of (string, path, bool, or integer)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.listeners.*.usersA set of users and their passwords and ACLs.
Type: attribute set of (submodule)
Default: { }
Example:
{
john = {
acl = [
"readwrite john/#"
];
password = "123456";
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.listeners.*.users.<name>.aclControl client access to topics on the broker.
Type: list of single-line string
Default: [ ]
Example:
[ "read A/B" "readwrite A/#" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.listeners.*.users.<name>.hashedPasswordSpecifies the hashed password for the MQTT User.
To generate hashed password install the mosquitto
package and use mosquitto_passwd, then extract
the second field (after the :) from the generated
file.
Type: null or single-line string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.listeners.*.users.<name>.hashedPasswordFileSpecifies the path to a file containing the
hashed password for the MQTT user.
To generate hashed password install the mosquitto
package and use mosquitto_passwd, then remove the
username: prefix from the generated file.
Type: null or path
Default: null
Example: "/path/to/file"
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.listeners.*.users.<name>.passwordSpecifies the (clear text) password for the MQTT User.
Type: null or single-line string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.listeners.*.users.<name>.passwordFileSpecifies the path to a file containing the clear text password for the MQTT user.
Type: null or path
Default: null
Example: "/path/to/file"
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.logDestDestinations to send log messages to.
Type: list of (path or one of "stdout", "stderr", "syslog", "topic", "dlt")
Default:
[ "stderr" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.logTypeTypes of messages to log.
Type: list of (one of "debug", "error", "warning", "notice", "information", "subscribe", "unsubscribe", "websockets", "none", "all")
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.persistenceEnable persistent storage of subscriptions and messages.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mosquitto.settingsGlobal configuration options for the mosquitto broker.
Type: attribute set of (string, path, bool, or integer)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/mosquitto.nix>
|
services.mozillavpn.enableWhether to enable Mozilla VPN daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mozillavpn.nix>
|
services.mpd.enableWhether to enable MPD, the music player daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.credentialsCredentials and permissions for accessing the mpd server.
Type: list of (submodule)
Default: [ ]
Example:
[
{
passwordFile = "/var/lib/secrets/mpd_readonly_password";
permissions = [
"read"
];
}
{
passwordFile = "/var/lib/secrets/mpd_admin_password";
permissions = [
"read"
"add"
"control"
"admin"
];
}
]Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.credentials.*.passwordFilePath to file containing the password.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.credentials.*.permissionsList of permissions that are granted with this password. Permissions can be "read", "add", "control", "admin".
Type: list of (one of "read", "add", "control", "admin")
Default:
[ "read" ]
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.dataDirThe directory where MPD stores its state, tag cache, playlists etc. If left as the default value this directory will automatically be created before the MPD server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default: "/var/lib/mpd"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.dbFileThe path to MPD's database. If set to null the
parameter is omitted from the configuration.
Type: null or string
Default: "${dataDir}/tag_cache"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.extraConfigExtra directives added to to the end of MPD's configuration file,
mpd.conf. Basic configuration like file location and uid/gid
is added automatically to the beginning of the file. For available
options see man 5 mpd.conf'.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.fluidsynthIf set, add fluidsynth soundfont and configure the plugin.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.groupGroup account under which MPD runs.
Type: string
Default: "mpd"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.musicDirectoryThe directory or NFS/SMB network share where MPD reads music from. If left as the default value this directory will automatically be created before the MPD server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path or string matching the pattern (http|https|nfs|smb)://.+
Default: "${dataDir}/music"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.network.listenAddressThe address for the daemon to listen on.
Use any to listen on all addresses.
Type: string
Default: "127.0.0.1"
Example: "any"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.network.portThis setting is the TCP port that is desired for the daemon to get assigned to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6600
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.playlistDirectoryThe directory where MPD stores playlists. If left as the default value this directory will automatically be created before the MPD server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default: "${dataDir}/playlists"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.startWhenNeededIf set, mpd is socket-activated; that is, instead of having it permanently running as a daemon, systemd will start it on the first incoming connection.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpd.userUser account under which MPD runs.
Type: string
Default: "mpd"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpd.nix>
|
services.mpdscribble.enableWhether to enable mpdscribble.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
|
services.mpdscribble.endpointsEndpoints to scrobble to. If the endpoint is one of "jamendo", "last.fm", "libre.fm", "listenbrainz" the url is set automatically.
Type: attribute set of (submodule)
Default: { }
Example:
{
"last.fm" = {
passwordFile = "/run/secrets/lastfm_password";
username = "foo";
};
}Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
|
services.mpdscribble.endpoints.<name>.passwordFileFile containing the password, either as MD5SUM or cleartext.
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
|
services.mpdscribble.endpoints.<name>.urlThe url endpoint where the scrobble API is listening.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
|
services.mpdscribble.endpoints.<name>.usernameUsername for the scrobble service.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
|
services.mpdscribble.hostHost for the mpdscribble daemon to search for a mpd daemon on.
Type: string
Default:
if config.services.mpd.network.listenAddress != "any" then config.services.mpd.network.listenAddress else "localhost"
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
|
services.mpdscribble.journalIntervalHow often should mpdscribble save the journal file? [seconds]
Type: signed integer
Default: 600
Example: 60
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
|
services.mpdscribble.passwordFileFile containing the password for the mpd daemon.
If there is a local mpd configured using services.mpd.credentials
the default is automatically set to a matching passwordFile of the local mpd.
Type: null or string
Default: The first password file with read access configured for MPD when using a local instance,
otherwise null.
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
|
services.mpdscribble.portPort for the mpdscribble daemon to search for a mpd daemon on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: config.services.mpd.network.port
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
|
services.mpdscribble.proxyHTTP proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
|
services.mpdscribble.verboseLog level for the mpdscribble daemon.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/audio/mpdscribble.nix>
|
services.mstpd.enableWhether to enable the multiple spanning tree protocol daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/mstpd.nix>
|
services.mtprotoproxy.enableWhether to enable mtprotoproxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mtprotoproxy.nix>
|
services.mtprotoproxy.adTagTag for advertising that can be obtained from @MTProxybot.
Type: null or string
Default: null
Example: "3c09c680b76ee91a4c25ad51f742267d"
Declared by:
<nixpkgs/nixos/modules/services/networking/mtprotoproxy.nix>
|
services.mtprotoproxy.extraConfigExtra configuration options for mtprotoproxy.
Type: attribute set
Default: { }
Example:
{
STATS_PRINT_PERIOD = 600;
}Declared by:
<nixpkgs/nixos/modules/services/networking/mtprotoproxy.nix>
|
services.mtprotoproxy.portTCP port to accept mtproto connections on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3256
Declared by:
<nixpkgs/nixos/modules/services/networking/mtprotoproxy.nix>
|
services.mtprotoproxy.secureOnlyDon't allow users to connect in non-secure mode (without random padding).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mtprotoproxy.nix>
|
services.mtprotoproxy.usersAllowed users and their secrets. A secret is a 32 characters long hex string.
Type: attribute set of string
Example:
{
tg = "00000000000000000000000000000000";
tg2 = "0123456789abcdef0123456789abcdef";
}Declared by:
<nixpkgs/nixos/modules/services/networking/mtprotoproxy.nix>
|
services.mtr-exporter.enableWhether to enable a Prometheus exporter for MTR.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mtr-exporter.nix>
|
services.mtr-exporter.addressListen address for MTR exporter.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/mtr-exporter.nix>
|
services.mtr-exporter.intervalInterval between MTR checks in seconds.
Type: signed integer
Default: 60
Declared by:
<nixpkgs/nixos/modules/services/networking/mtr-exporter.nix>
|
services.mtr-exporter.mtrFlagsAdditional flags to pass to MTR.
Type: list of string
Default: [ ]
Example:
[ "-G1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/mtr-exporter.nix>
|
services.mtr-exporter.portListen port for MTR exporter.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/networking/mtr-exporter.nix>
|
services.mtr-exporter.targetTarget to check using MTR.
Type: string
Example: "example.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/mtr-exporter.nix>
|
services.mullvad-vpn.enableThis option enables Mullvad VPN daemon.
This sets networking.firewall.checkReversePath to "loose", which might be undesirable for security.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/mullvad-vpn.nix>
|
services.mullvad-vpn.enableExcludeWrapperThis option activates the wrapper that allows the use of mullvad-exclude. Might have minor security impact, so consider disabling if you do not use the feature.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mullvad-vpn.nix>
|
services.mullvad-vpn.packageThe Mullvad package to use. pkgs.mullvad only provides the CLI tool, pkgs.mullvad-vpn provides both the CLI and the GUI.
Type: package
Default: pkgs.mullvad
Declared by:
<nixpkgs/nixos/modules/services/networking/mullvad-vpn.nix>
|
services.multipath.enableWhether to enable the device mapper multipath (DM-MP) daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.packagemultipath-tools package to use
Type: package
Default: pkgs.multipath-tools
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.blacklistThis section defines which devices should be excluded from the multipath topology discovery.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.blacklist_exceptionsThis section defines which devices should be included in the multipath topology discovery, despite being listed in the blacklist section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.defaultsThis section defines default values for attributes which are used whenever no values are given in the appropriate device or multipath sections.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devicesThis option allows you to define arrays for use in multipath groups.
Type: list of (submodule)
Default: [ ]
Example:
[
{
vendor = "\"COMPELNT\"";
product = "\"Compellent Vol\"";
path_checker = "tur";
no_path_retry = "queue";
max_sectors_kb = 256;
}, ...
]
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.alias_prefixThe user_friendly_names prefix to use for this device type, instead of the default mpath
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.all_tg_ptSet the 'all targets ports' flag when registering keys with mpathpersist
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.deferred_removeIf set to "yes", multipathd will do a deferred remove instead of a regular remove when the last path device has been deleted. This means that if the multipath device is still in use, it will be freed when the last user closes it. If path is added to the multipath device before the last user closes it, the deferred remove will be canceled.
Type: null or one of "yes", "no"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.delay_wait_checksThis option is deprecated, and mapped to san_path_err_recovery_time
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.delay_watch_checksThis option is deprecated, and mapped to san_path_err_forget_rate
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.detect_checkerIf set to "yes", multipath will try to detect if the device supports SCSI-3 ALUA. If so, the device will automatically use the tur checker. If set to "no", the checker will be selected as usual.
Type: null or one of "yes", "no"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.detect_prioIf set to "yes", multipath will try to detect if the device supports SCSI-3 ALUA. If so, the device will automatically use the sysfs prioritizer if the required sysf attributes access_state and preferred_path are supported, or the alua prioritizer if not. If set to "no", the prioritizer will be selected as usual.
Type: null or one of "yes", "no"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.dev_loss_tmoSpecify the number of seconds the SCSI layer will wait after a problem has been detected on a FC remote port before removing it from the system. This can be set to "infinity" which sets it to the max value of 2147483647 seconds, or 68 years. It will be automatically adjusted to the overall retry interval no_path_retry * polling_interval if a number of retries is given with no_path_retry and the overall retry interval is longer than the specified dev_loss_tmo value. The Linux kernel will cap this value to 600 if fast_io_fail_tmo is not set.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.failbackTell multipathd how to manage path group failback. Quote integers as strings
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.fast_io_fail_tmoSpecify the number of seconds the SCSI layer will wait after a problem has been detected on a FC remote port before failing I/O to devices on that remote port. This should be smaller than dev_loss_tmo. Setting this to "off" will disable the timeout. Quote integers as strings.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.featuresSpecify any device-mapper features to be used
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.flush_on_last_delIf set to "yes" multipathd will disable queueing when the last path to a device has been deleted.
Type: null or one of "yes", "no"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.getuid_callout(Superseded by uid_attribute) The default program and args to callout to obtain a unique path identifier. Should be specified with an absolute path.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.ghost_delaySets the number of seconds that multipath will wait after creating a device with only ghost paths before marking it ready for use in systemd
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.hardware_handlerThe hardware handler to use for this device type
Type: null or one of "emc", "rdac", "hp_sw", "alua", "ana"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.marginal_path_double_failed_timeOne of the four parameters of supporting path check based on accounting IO error such as intermittent error
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.marginal_path_err_rate_thresholdThe error rate threshold as a permillage (1/1000)
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.marginal_path_err_recheck_gap_timeOne of the four parameters of supporting path check based on accounting IO error such as intermittent error
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.marginal_path_err_sample_timeOne of the four parameters of supporting path check based on accounting IO error such as intermittent error
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.max_sectors_kbSets the max_sectors_kb device parameter on all path devices and the multipath device to the specified value
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.no_path_retrySpecify what to do when all paths are down. Quote integers as strings
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.path_checkerThe default method used to determine the paths state
Type: one of "readsector0", "tur", "emc_clariion", "hp_sw", "rdac", "directio", "cciss_tur", "none"
Default: "tur"
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.path_grouping_policyThe default path grouping policy to apply to unspecified multipaths
Type: null or one of "failover", "multibus", "group_by_serial", "group_by_prio", "group_by_node_name"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.path_selectorThe default path selector algorithm to use; they are offered by the kernel multipath target
Type: null or one of ""round-robin 0"", ""queue-length 0"", ""service-time 0"", ""historical-service-time 0""
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.prioThe name of the path priority routine
Type: null or one of "none", "const", "sysfs", "emc", "alua", "ontap", "rdac", "hp_sw", "hds", "random", "weightedpath", "path_latency", "ana", "datacore", "iet"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.prio_argsArguments to pass to to the prio function
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.productRegular expression to match the product name
Type: string
Example: "Compellent Vol"
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.product_blacklistProducts with the given vendor matching this string are blacklisted
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.revisionRegular expression to match the product revision
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.rr_min_ioNumber of I/O requests to route to a path before switching to the next in the same path group. This is only for Block I/O (BIO) based multipath and only apply to round-robin path_selector.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.rr_min_io_rqNumber of I/O requests to route to a path before switching to the next in the same path group. This is only for Request based multipath and only apply to round-robin path_selector.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.rr_weightIf set to priorities the multipath configurator will assign path weights as "path prio * rr_min_io".
Type: null or one of "priorities", "uniform"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.san_path_err_forget_rateIf set to a value greater than 0, multipathd will check whether the path failures has exceeded the san_path_err_threshold within this many checks i.e san_path_err_forget_rate. If so we will not reinstante the path till san_path_err_recovery_time.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.san_path_err_recovery_timeIf set to a value greater than 0, multipathd will make sure that when path failures has exceeded the san_path_err_threshold within san_path_err_forget_rate then the path will be placed in failed state for san_path_err_recovery_time duration. Once san_path_err_recovery_time has timeout we will reinstante the failed path. san_path_err_recovery_time value should be in secs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.san_path_err_thresholdIf set to a value greater than 0, multipathd will watch paths and check how many times a path has been failed due to errors.If the number of failures on a particular path is greater then the san_path_err_threshold, then the path will not reinstate till san_path_err_recovery_time. These path failures should occur within a san_path_err_forget_rate checks, if not we will consider the path is good enough to reinstantate.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.skip_kpartxIf set to yes, kpartx will not automatically create partitions on the device
Type: null or one of "yes", "no"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.uid_attributeThe udev attribute providing a unique path identifier (WWID)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.user_friendly_namesIf set to "yes", using the bindings file /etc/multipath/bindings to assign a persistent and unique alias to the multipath, in the form of mpath. If set to "no" use the WWID as the alias. In either case this be will be overridden by any specific aliases in the multipaths section.
Type: null or one of "yes", "no"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.vendorRegular expression to match the vendor name
Type: string
Example: "COMPELNT"
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.devices.*.vpd_vendorThe vendor specific vpd page information, using the vpd page abbreviation
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.extraConfigLines to append to default multipath.conf
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.extraConfigFileAppend an additional file's contents to /etc/multipath.conf
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.overridesThis section defines values for attributes that should override the device-specific settings for all devices.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.pathGroupsThis option allows you to define multipath groups as described in http://christophe.varoqui.free.fr/usage.html.
Type: list of (submodule)
Example:
[
{
wwid = "360080e500043b35c0123456789abcdef";
alias = 10001234;
array = "bigarray.example.com";
fsType = "zfs"; # optional
options = "ro"; # optional
}, ...
]
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.pathGroups.*.aliasThe name of the multipath device
Type: signed integer
Example: 1001234
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.pathGroups.*.arrayThe DNS name of the storage array
Type: string
Default: null
Example: "bigarray.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.pathGroups.*.fsTypeType of the filesystem
Type: null or string
Default: null
Example: "zfs"
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.pathGroups.*.optionsOptions used to mount the file system
Type: null or string
Default: null
Example: "ro"
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.multipath.pathGroups.*.wwidThe identifier for the multipath device
Type: string (with check: hexadecimal string)
Example: "360080e500043b35c0123456789abcdef"
Declared by:
<nixpkgs/nixos/modules/services/networking/multipath.nix>
|
services.munge.enableWhether to enable munge service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/munge.nix>
|
services.munge.passwordThe path to a daemon's secret key.
Type: path
Default: "/etc/munge/munge.key"
Declared by:
<nixpkgs/nixos/modules/services/security/munge.nix>
|
services.munin-cron.enableEnable munin-cron. Takes care of all heavy lifting to collect data from nodes and draws graphs to html. Runs munin-update, munin-limits, munin-graphs and munin-html in that order.
HTML output is in /var/www/munin/, configure your
favourite webserver to serve static files.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.munin-cron.extraCSSCustom styling for the HTML that munin-cron generates. This will be appended to the CSS files used by munin-cron and will thus take precedence over the builtin styles.
Type: strings concatenated with "\n"
Default: ""
Example:
''
/* A simple dark theme. */
html, body { background: #222222; }
#header, #footer { background: #333333; }
img.i, img.iwarn, img.icrit, img.iunkn {
filter: invert(100%) hue-rotate(-30deg);
}
''Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.munin-cron.extraGlobalConfigmunin.conf extra global configuration.
See http://guide.munin-monitoring.org/en/latest/reference/munin.conf.html.
Useful to setup notifications, see
http://guide.munin-monitoring.org/en/latest/tutorial/alert.html
Type: strings concatenated with "\n"
Default: ""
Example:
''
contact.email.command mail -s "Munin notification for ''${var:host}" someone@example.com
''Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.munin-cron.hostsDefinitions of hosts of nodes to collect data from. Needs at least one host for cron to succeed. See http://guide.munin-monitoring.org/en/latest/reference/munin.conf.html
Type: strings concatenated with "\n"
Default: ""
Example:
''
[${config.networking.hostName}]
address localhost
''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.munin-node.enableEnable Munin Node agent. Munin node listens on 0.0.0.0 and by default accepts connections only from 127.0.0.1 for security reasons.
See http://guide.munin-monitoring.org/en/latest/architecture/index.html.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.munin-node.disabledPluginsMunin plugins to disable, even if
munin-node-configure --suggest tries to enable
them. To disable a wildcard plugin, use an actual wildcard, as in
the example.
munin_stats is disabled by default as it tries to read
/var/log/munin/munin-update.log for timing
information, and the NixOS build of Munin does not write this file.
Type: list of string
Default:
[ "munin_stats" ]
Example:
[ "diskstats" "zfs_usage_*" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.munin-node.extraAutoPluginsAdditional Munin plugins to autoconfigure, using
munin-node-configure --suggest. These should be
the actual paths to the plugin files (or directories containing them),
not just their names.
If you want to manually enable individual plugins instead, use
services.munin-node.extraPlugins.
Note that only plugins that have the 'autoconfig' capability will do
anything if listed here, since plugins that cannot autoconfigure
won't be automatically enabled by
munin-node-configure.
Plugins will be copied into the Nix store, and it will attempt to
modify them to run properly by fixing hardcoded references to
/bin, /usr/bin,
/sbin, and /usr/sbin.
Type: list of path
Default: [ ]
Example:
[ /src/munin-contrib/plugins/zfs /src/munin-contrib/plugins/ssh ];
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.munin-node.extraConfigmunin-node.conf extra configuration. See
http://guide.munin-monitoring.org/en/latest/reference/munin-node.conf.html
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.munin-node.extraPluginConfigplugin-conf.d extra plugin configuration. See
http://guide.munin-monitoring.org/en/latest/plugin/use.html
Type: strings concatenated with "\n"
Default: ""
Example:
'' [fail2ban_*] user root ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.munin-node.extraPluginsAdditional Munin plugins to activate. Keys are the name of the plugin symlink, values are the path to the underlying plugin script. You can use the same plugin script multiple times (e.g. for wildcard plugins).
Note that these plugins do not participate in autoconfiguration. If
you want to autoconfigure additional plugins, use
services.munin-node.extraAutoPlugins.
Plugins enabled in this manner take precedence over autoconfigured plugins.
Plugins will be copied into the Nix store, and it will attempt to
modify them to run properly by fixing hardcoded references to
/bin, /usr/bin,
/sbin, and /usr/sbin.
Type: attribute set of path
Default: { }
Example:
{
zfs_usage_bigpool = /src/munin-contrib/plugins/zfs/zfs_usage_;
zfs_usage_smallpool = /src/munin-contrib/plugins/zfs/zfs_usage_;
zfs_list = /src/munin-contrib/plugins/zfs/zfs_list;
};
Declared by:
<nixpkgs/nixos/modules/services/monitoring/munin.nix>
|
services.murmur.enableIf enabled, start the Murmur Mumble server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.packageOverridable attribute of the murmur package to use.
Type: package
Default: pkgs.murmur
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.allowHtmlAllow HTML in client messages, comments, and channel descriptions.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.autobanAttemptsNumber of attempts a client is allowed to make in
autobanTimeframe seconds, before being
banned for autobanTime.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.autobanTimeThe amount of time an IP ban lasts (in seconds).
Type: signed integer
Default: 300
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.autobanTimeframeTimeframe in which a client can connect without being banned for repeated attempts (in seconds).
Type: signed integer
Default: 120
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.bandwidthMaximum bandwidth (in bits per second) that clients may send speech at.
Type: signed integer
Default: 72000
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.bonjourEnable Bonjour auto-discovery, which allows clients over your LAN to automatically discover Murmur servers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.clientCertRequiredRequire clients to authenticate via certificates.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.environmentFileEnvironment file as defined in systemd.exec(5).
Secrets may be passed to the service without adding them to the world-readable Nix store, by specifying placeholder variables as the option value in Nix and setting these variables accordingly in the environment file.
# snippet of murmur-related config services.murmur.password = "$MURMURD_PASSWORD";
# content of the environment file MURMURD_PASSWORD=verysecretpassword
Note that this file needs to be available on the host on which
murmur is running.
Type: null or path
Default: null
Example: "/var/lib/murmur/murmurd.env"
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.extraConfigExtra configuration to put into murmur.ini.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.hostNameHost to bind to. Defaults binding on all addresses.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.imgMsgLengthMax length of image messages. Set 0 for no limit.
Type: signed integer
Default: 131072
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.logDaysHow long to store RPC logs for in the database. Set 0 to keep logs forever, or -1 to disable DB logging.
Type: signed integer
Default: 31
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.logFilePath to the log file for Murmur daemon. Empty means log to journald.
Type: null or path
Default: null
Example: "/var/log/murmur/murmurd.log"
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.openFirewallOpen ports in the firewall for the Murmur Mumble server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.passwordRequired password to join server, if specified.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.portPorts to bind to (UDP and TCP).
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 64738
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.registerHostnameDNS hostname where your server can be reached. This is only needed if you want your server to be accessed by its hostname and not IP - but the name must resolve on the internet properly.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.registerNamePublic server registration name, and also the name of the Root channel. Even if you don't publicly register your server, you probably still want to set this.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.registerPasswordPublic server registry password, used authenticate your server to the registry to prevent impersonation; required for subsequent registry updates.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.registerUrlURL website for your server.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.sendVersionSend Murmur version in UDP response.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.sslCaPath to your SSL CA certificate.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.sslCertPath to your SSL certificate.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.sslKeyPath to your SSL key.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.textMsgLengthMax length of text messages. Set 0 for no limit.
Type: signed integer
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.usersMaximum number of concurrent clients allowed.
Type: signed integer
Default: 100
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.murmur.welcometextWelcome message for connected clients.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/murmur.nix>
|
services.mx-puppet-discord.enableWhether to enable mx-puppet-discord is a discord puppeting bridge for matrix. It handles bridging private and group DMs, as well as Guilds (servers) .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/mx-puppet-discord.nix>
|
services.mx-puppet-discord.serviceDependenciesList of Systemd services to require and wait for when starting the application service.
Type: list of string
Default:
optional config.services.matrix-synapse.enable "matrix-synapse.service"
Declared by:
<nixpkgs/nixos/modules/services/misc/mx-puppet-discord.nix>
|
services.mx-puppet-discord.settingsconfig.yaml configuration as a Nix attribute set.
Configuration options should match those described in
sample.config.yaml.
Type: JSON value
Default:
{
bridge = {
port = 8434;
};
database = {
filename = "/var/lib/mx-puppet-discord/database.db";
};
logging = {
console = "info";
lineDateFormat = "MMM-D HH:mm:ss.SSS";
};
namePatterns = {
group = ":name";
room = ":name";
user = ":name";
userOverride = ":displayname";
};
presence = {
enabled = true;
interval = 500;
};
provisioning = {
whitelist = [ ];
};
relay = {
whitelist = [ ];
};
}Example:
{
bridge = {
bindAddress = "localhost";
domain = "example.com";
homeserverUrl = "https://example.com";
};
provisioning.whitelist = [ "@admin:example.com" ];
relay.whitelist = [ "@.*:example.com" ];
}
Declared by:
<nixpkgs/nixos/modules/services/misc/mx-puppet-discord.nix>
|
services.mxisd.enableWhether to enable matrix federated identity server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/mxisd.nix>
|
services.mxisd.packageThe mxisd/ma1sd package to use
Type: package
Default: pkgs.ma1sd
Declared by:
<nixpkgs/nixos/modules/services/networking/mxisd.nix>
|
services.mxisd.dataDirWhere data mxisd/ma1sd uses resides
Type: string
Default: "/var/lib/mxisd"
Declared by:
<nixpkgs/nixos/modules/services/networking/mxisd.nix>
|
services.mxisd.environmentFilePath to an environment-file which may contain secrets to be
substituted via envsubst.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/mxisd.nix>
|
services.mxisd.extraConfigExtra options merged into the mxisd/ma1sd configuration
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/mxisd.nix>
|
services.mxisd.matrix.domainthe domain of the matrix homeserver
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/mxisd.nix>
|
services.mxisd.server.namePublic hostname of mxisd/ma1sd, if different from the Matrix domain.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/mxisd.nix>
|
services.mxisd.server.portHTTP port to listen on (unencrypted)
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/mxisd.nix>
|
services.mysql.enableWhether to enable MySQL server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.packageWhich MySQL derivation to use. MariaDB packages are supported too.
Type: package
Example: pkgs.mariadb
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.configFileOverride the configuration file used by MySQL. By default,
NixOS generates one automatically from services.mysql.settings.
Type: path
Default:
'' A configuration file automatically generated by NixOS. ''
Example:
pkgs.writeText "my.cnf" '' [mysqld] datadir = /var/lib/mysql bind-address = 127.0.0.1 port = 3336 !includedir /etc/mysql/conf.d/ '';
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.dataDirThe data directory for MySQL.
If left as the default value of /var/lib/mysql this directory will automatically be created before the MySQL
server starts, otherwise you are responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Example: "/var/lib/mysql"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.ensureDatabasesEnsures that the specified databases exist. This option will never delete existing databases, especially not when the value of this option is changed. This means that databases created once through this option or otherwise have to be removed manually.
Type: list of string
Default: [ ]
Example:
[ "nextcloud" "matomo" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.ensureUsersEnsures that the specified users exist and have at least the ensured permissions. The MySQL users will be identified using Unix socket authentication. This authenticates the Unix user with the same name only, and that without the need for a password. This option will never delete existing users or remove permissions, especially not when the value of this option is changed. This means that users created and permissions assigned once through this option or otherwise have to be removed manually.
Type: list of (submodule)
Default: [ ]
Example:
[
{
name = "nextcloud";
ensurePermissions = {
"nextcloud.*" = "ALL PRIVILEGES";
};
}
{
name = "backup";
ensurePermissions = {
"*.*" = "SELECT, LOCK TABLES";
};
}
]
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.ensureUsers.*.ensurePermissionsPermissions to ensure for the user, specified as attribute set. The attribute names specify the database and tables to grant the permissions for, separated by a dot. You may use wildcards here. The attribute values specfiy the permissions to grant. You may specify one or multiple comma-separated SQL privileges here.
For more information on how to specify the target
and on which privileges exist, see the
GRANT syntax.
The attributes are used as GRANT ${attrName} ON ${attrValue}.
Type: attribute set of string
Default: { }
Example:
{
"database.*" = "ALL PRIVILEGES";
"*.*" = "SELECT, LOCK TABLES";
}
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.ensureUsers.*.nameName of the user to ensure.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.groupGroup account under which MySQL runs.
If left as the default value this group will automatically be created on system activation, otherwise you are responsible for ensuring the user exists before the MySQL service starts.
Type: string
Default: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.initialDatabasesList of database names and their initial schemas that should be used to create databases on the first startup of MySQL. The schema attribute is optional: If not specified, an empty database is created.
Type: list of (submodule)
Default: [ ]
Example:
[
{ name = "foodatabase"; schema = ./foodatabase.sql; }
{ name = "bardatabase"; }
]
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.initialDatabases.*.nameThe name of the database to create.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.initialDatabases.*.schemaThe initial schema of the database; if null (the default), an empty database is created.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.initialScriptA file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.masterHostHostname of the MySQL master server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.masterPasswordPassword of the MySQL replication user.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.masterPortPort number on which the MySQL master server runs.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.masterUserUsername of the MySQL replication user.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.roleRole of the MySQL server instance.
Type: one of "master", "slave", "none"
Default: "none"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.serverIdId of the MySQL server instance. This number must be unique for each instance.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.replication.slaveHostHostname of the MySQL slave server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.settingsMySQL configuration. Refer to https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html, https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html, and https://mariadb.com/kb/en/server-system-variables/ for details on supported values.
MySQL configuration options such as --quick should be treated as
boolean options and provided values such as true, false,
1, or 0. See the provided example below.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string) or a list of them for duplicate keys)
Default: { }
Example:
{
mysqld = {
key_buffer_size = "6G";
table_cache = 1600;
log-error = "/var/log/mysql_err.log";
plugin-load-add = [ "server_audit" "ed25519=auth_ed25519" ];
};
mysqldump = {
quick = true;
max_allowed_packet = "16M";
};
}
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysql.userUser account under which MySQL runs.
If left as the default value this user will automatically be created on system activation, otherwise you are responsible for ensuring the user exists before the MySQL service starts.
Type: string
Default: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/databases/mysql.nix>
|
services.mysqlBackup.enableWhether to enable MySQL backups.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.mysqlBackup.calendarConfigured when to run the backup service systemd unit (DayOfWeek Year-Month-Day Hour:Minute:Second).
Type: string
Default: "01:15:00"
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.mysqlBackup.databasesList of database names to dump.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.mysqlBackup.locationLocation to put the gzipped MySQL database dumps.
Type: path
Default: "/var/backup/mysql"
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.mysqlBackup.singleTransactionWhether to create database dump in a single transaction
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.mysqlBackup.userUser to be used to perform backup.
Type: string
Default: "mysqlbackup"
Declared by:
<nixpkgs/nixos/modules/services/backup/mysql-backup.nix>
|
services.n8n.enableWhether to enable n8n server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/n8n.nix>
|
services.n8n.openFirewallOpen ports in the firewall for the n8n web interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/n8n.nix>
|
services.n8n.settingsConfiguration for n8n, see https://docs.n8n.io/reference/configuration.html for supported values.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/n8n.nix>
|
services.nagios.enableWhether to enable Nagios to monitor your system or network..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.enableWebInterfaceWhether to enable the Nagios web interface. You should also
enable Apache (services.httpd.enable).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.cgiConfigFileDerivation for the configuration file of Nagios CGI scripts that can be used in web servers for running the Nagios web interface.
Type: package
Default: nagiosCGICfgFile
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.extraConfigConfiguration to add to /etc/nagios.cfg
Type: attribute set of string
Default: { }
Example:
{
debug_file = "/var/log/nagios/debug.log";
debug_level = "-1";
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.mainConfigFileIf non-null, overrides the main configuration file of Nagios.
Type: null or package
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.objectDefsA list of Nagios object configuration files that must define the hosts, host groups, services and contacts for the network that you want Nagios to monitor.
Type: list of path
Example: [ ./objects.cfg ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.pluginsPackages to be added to the Nagios PATH.
Typically used to add plugins, but can be anything.
Type: list of package
Default: [pkgs.monitoring-plugins pkgs.msmtp pkgs.mailutils]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.validateConfigif true, the syntax of the nagios configuration file is checked at build time
Type: boolean
Default: pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHostApache configuration can be done by adapting services.httpd.virtualHosts.
See services.httpd.virtualHosts for further information.
Type: submodule
Example:
{ hostName = "example.org";
adminAddr = "webmaster@example.org";
enableSSL = true;
sslServerCert = "/var/lib/acme/example.org/full.pem";
sslServerKey = "/var/lib/acme/example.org/key.pem";
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.enableACMEWhether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.enableUserDirWhether to enable serving ~/public_html as
/~«username».
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.acmeRootDirectory for the acme challenge which is PUBLIC, don't put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.addSSLWhether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.adminAddrE-mail address of the server administrator.
Type: null or string
Default: null
Example: "admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.documentRootThe path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.extraConfigThese lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Type: strings concatenated with "\n"
Default: ""
Example:
''
<Directory /home>
Options FollowSymlinks
AllowOverride All
</Directory>
''Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.forceSSLWhether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.globalRedirectIf set, all requests for this host are redirected permanently to the given URL.
Type: null or string
Default: null
Example: "http://newserver.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.hostNameCanonical hostname for the server.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.http2Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. However, if you use the prefork mpm, there will be severe restrictions. Refer to https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.listenListen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL.
If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of (submodule)
Default: [ ]
Example:
[
{
ip = "195.154.1.1";
port = 443;
ssl = true;
}
{
ip = "192.154.1.1";
port = 80;
}
{
ip = "*";
port = 8080;
}
]Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.listen.*.ipIP to listen on. 0.0.0.0 for IPv4 only, * for all.
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.listen.*.portPort to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.listen.*.sslWhether to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.listenAddressesListen addresses for this virtual host.
Compared to listen this only sets the addresses
and the ports are chosen automatically.
Type: non-empty (list of string)
Default:
[ "*" ]
Example:
[ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.locationsDeclarative location config. See https://httpd.apache.org/docs/2.4/mod/core.html#location for details.
Type: attribute set of (submodule)
Default: { }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
"/foo/bar.png" = {
alias = "/home/eelco/some-file.png";
};
};
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.locations.<name>.aliasAlias directory for requests. See https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.locations.<name>.extraConfigThese lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.locations.<name>.indexAdds DirectoryIndex directive. See https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.locations.<name>.priorityOrder of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have
a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.locations.<name>.proxyPassSets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.logFormatLog format for Apache's log files. Possible values are: combined, common, referer, agent.
Type: string
Default: "common"
Example: "combined"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.onlySSLWhether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.robotsEntriesSpecification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.
Type: strings concatenated with "\n"
Default: ""
Example: "Disallow: /foo/"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.servedDirsThis option provides a simple way to serve static directories.
Type: list of (attribute set)
Default: [ ]
Example:
[
{
dir = "/home/eelco/Dev/nix-homepage";
urlPath = "/nix";
}
]Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.servedFilesThis option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS. You can achieve the same result by making use of
the locations.<name>.alias option.
Type: list of (attribute set)
Default: [ ]
Example:
[
{
file = "/home/eelco/some-file.png";
urlPath = "/foo/bar.png";
}
]Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default: [ ]
Example:
[ "www.example.org" "www.example.org:8080" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.sslServerCertPath to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.sslServerChainPath to server SSL chain file.
Type: null or path
Default: null
Example: "/var/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.sslServerKeyPath to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.nagios.virtualHost.useACMEHostA host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/nagios.nix>
|
services.namecoind.enableWhether to enable namecoind, Namecoin client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.extraNodesList of additional peer IP addresses to connect to.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.generateWhether to generate (mine) Namecoins.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.rpc.addressIP address the RPC server will bind to.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.rpc.allowFromList of IP address ranges allowed to use the RPC API. Wiledcards (*) can be user to specify a range.
Type: list of string
Default:
[ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.rpc.certificateCertificate file for securing RPC connections.
Type: null or path
Default: null
Example: "/var/lib/namecoind/server.cert"
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.rpc.keyKey file for securing RPC connections.
Type: null or path
Default: null
Example: "/var/lib/namecoind/server.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.rpc.passwordPassword for RPC connections.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.rpc.portPort the RPC server will bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8332
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.rpc.userUser name for RPC connections.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.trustedNodesList of the only peer IP addresses to connect to. If specified no other connection will be made.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.namecoind.walletWallet file. The ownership of the file has to be namecoin:namecoin, and the permissions must be 0640.
Type: path
Default: "/var/lib/namecoind/wallet.dat"
Declared by:
<nixpkgs/nixos/modules/services/networking/namecoind.nix>
|
services.nar-serve.enableWhether to enable Serve NAR file contents via HTTP.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nar-serve.nix>
|
services.nar-serve.cacheURLBinary cache URL to connect to.
The URL format is compatible with the nix remote url style, such as:
http://, https:// for binary caches via HTTP or HTTPS
s3:// for binary caches stored in Amazon S3
gs:// for binary caches stored in Google Cloud Storage
Type: string
Default: "https://cache.nixos.org/"
Declared by:
<nixpkgs/nixos/modules/services/networking/nar-serve.nix>
|
services.nar-serve.portPort number where nar-serve will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8383
Declared by:
<nixpkgs/nixos/modules/services/networking/nar-serve.nix>
|
services.nats.enableWhether to enable NATS messaging system.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nats.nix>
|
services.nats.dataDirThe NATS data directory. Only used if JetStream is enabled, for storing stream metadata and messages.
If left as the default value this directory will automatically be created before the NATS server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default: "/var/lib/nats"
Declared by:
<nixpkgs/nixos/modules/services/networking/nats.nix>
|
services.nats.groupGroup under which NATS runs.
Type: string
Default: "nats"
Declared by:
<nixpkgs/nixos/modules/services/networking/nats.nix>
|
services.nats.jetstreamWhether to enable JetStream.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nats.nix>
|
services.nats.portPort on which to listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4222
Declared by:
<nixpkgs/nixos/modules/services/networking/nats.nix>
|
services.nats.serverNameName of the NATS server, must be unique if clustered.
Type: string
Default: "nats"
Example: "n1-c3"
Declared by:
<nixpkgs/nixos/modules/services/networking/nats.nix>
|
services.nats.settingsDeclarative NATS configuration. See the NATS documentation for a list of options.
Type: JSON value
Default: { }
Example:
{
jetstream = {
max_mem = "1G";
max_file = "10G";
};
};
Declared by:
<nixpkgs/nixos/modules/services/networking/nats.nix>
|
services.nats.userUser account under which NATS runs.
Type: string
Default: "nats"
Declared by:
<nixpkgs/nixos/modules/services/networking/nats.nix>
|
services.navidrome.enableWhether to enable Navidrome music server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/navidrome.nix>
|
services.navidrome.settingsConfiguration for Navidrome, see https://www.navidrome.org/docs/usage/configuration-options/ for supported values.
Type: JSON value
Default:
{
Address = "127.0.0.1";
Port = 4533;
}Example:
{
MusicFolder = "/mnt/music";
}Declared by:
<nixpkgs/nixos/modules/services/audio/navidrome.nix>
|
services.nbd.server.enableWhether to enable the Network Block Device (nbd) server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nbd.nix>
|
services.nbd.server.exportsFiles or block devices to make available over the network.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/nbd.nix>
|
services.nbd.server.exports.<name>.allowAddressesIPs and subnets that are authorized to connect for this device. If not specified, the server will allow all connections.
Type: null or (list of string)
Default: null
Example:
[ "10.10.0.0/24" "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nbd.nix>
|
services.nbd.server.exports.<name>.extraOptionsExtra options for this export. See nbd-server(5).
Type: attribute set of (boolean or signed integer or floating point number or string)
Default:
{
flush = true;
fua = true;
}Declared by:
<nixpkgs/nixos/modules/services/networking/nbd.nix>
|
services.nbd.server.exports.<name>.pathFile or block device to export.
Type: string
Example: "/dev/sdb1"
Declared by:
<nixpkgs/nixos/modules/services/networking/nbd.nix>
|
services.nbd.server.extraOptionsExtra options for the server. See nbd-server(5).
Type: attribute set of (boolean or signed integer or floating point number or string)
Default:
{
allowlist = false;
}Declared by:
<nixpkgs/nixos/modules/services/networking/nbd.nix>
|
services.nbd.server.listenAddressAddress to listen on. If not specified, the server will listen on all interfaces.
Type: null or string
Default: null
Example: "10.10.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/nbd.nix>
|
services.nbd.server.listenPortPort to listen on. The port is NOT automatically opened in the firewall.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 10809
Declared by:
<nixpkgs/nixos/modules/services/networking/nbd.nix>
|
services.ncdns.enableWhether to enable ncdns, a Go daemon to bridge Namecoin to DNS.
To resolve .bit domains set services.namecoind.enable = true;
and an RPC username/password
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
|
services.ncdns.addressThe IP address the ncdns resolver will bind to. Leave this unchanged if you do not wish to directly expose the resolver.
Type: string
Default: "[::1]"
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
|
services.ncdns.dnssec.enableWhether to enable DNSSEC support in ncdns. This will generate KSK and ZSK keypairs
(unless provided via the options
services.ncdns.dnssec.publicKey,
services.ncdns.dnssec.privateKey etc.) and add a trust
anchor to recursive resolvers
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
|
services.ncdns.dnssec.keys.privatePath to the file containing the KSK private key.
Type: path
Default: "/var/lib/ncdns/bit.private"
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
|
services.ncdns.dnssec.keys.publicPath to the file containing the KSK public key.
The key can be generated using the dnssec-keygen
command, provided by the package bind as follows:
$ dnssec-keygen -a RSASHA256 -3 -b 2048 -f KSK bit
Type: path
Default: "/var/lib/ncdns/bit.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
|
services.ncdns.dnssec.keys.zonePrivatePath to the file containing the ZSK private key.
Type: path
Default: "/var/lib/ncdns/bit-zone.private"
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
|
services.ncdns.dnssec.keys.zonePublicPath to the file containing the ZSK public key.
The key can be generated using the dnssec-keygen
command, provided by the package bind as follows:
$ dnssec-keygen -a RSASHA256 -3 -b 2048 bit
Type: path
Default: "/var/lib/ncdns/bit-zone.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
|
services.ncdns.identity.addressThe IP address the hostname specified in
services.ncdns.identity.hostname should resolve to.
If you are only using ncdns locally you can ignore this.
Type: string
Default: "127.127.127.127"
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
|
services.ncdns.identity.hostmasterAn email address for the SOA record at the bit zone. If you are only using ncdns locally you can ignore this.
Type: string
Default: ""
Example: "root@example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
|
services.ncdns.identity.hostnameThe hostname of this ncdns instance, which defaults to the machine hostname. If specified, ncdns lists the hostname as an NS record at the zone apex:
bit. IN NS ns1.example.com.
If unset ncdns will generate an internal pseudo-hostname under the
zone, which will resolve to the value of
services.ncdns.identity.address.
If you are only using ncdns locally you can ignore this.
Type: string
Default: config.networking.hostName
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
|
services.ncdns.portThe port the ncdns resolver will bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5333
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
|
services.ncdns.settingsncdns settings. Use this option to configure ncds settings not exposed in a NixOS option or to bypass one. See the example ncdns.conf file at https://github.com/namecoin/ncdns/blob/master/_doc/ncdns.conf.example for the available options.
Type: ncdns.conf configuration type. The format consists of an attribute set of settings. Each setting can be either `null`, a value or an attribute set. The allowed values are integers, strings, booleans or paths.
Default: { }
Example:
{ # enable webserver
ncdns.httplistenaddr = ":8202";
# synchronize TLS certs
certstore.nss = true;
# note: all paths are relative to the config file
certstore.nsscertdir = "../../var/lib/ncdns";
certstore.nssdbdir = "../../home/alice/.pki/nssdb";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
|
services.ndppd.enableWhether to enable daemon that proxies NDP (Neighbor Discovery Protocol) messages between interfaces.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.ndppd.configFilePath to configuration file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.ndppd.interfaceInterface which is on link-level with router. (Legacy option, use services.ndppd.proxies.<interface>.rules.<network> instead)
Type: null or string
Default: null
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.ndppd.networkNetwork that we proxy. (Legacy option, use services.ndppd.proxies.<interface>.rules.<network> instead)
Type: null or string
Default: null
Example: "1111::/64"
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.ndppd.proxiesThis sets up a listener, that will listen for any Neighbor Solicitation messages, and respond to them according to a set of rules.
Type: attribute set of (submodule)
Default: { }
Example:
{
eth0.rules."1111::/64" = {};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.ndppd.proxies.<name>.interfaceListen for any Neighbor Solicitation messages on this interface, and respond to them according to a set of rules. Defaults to the name of the attrset.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.ndppd.proxies.<name>.routerTurns on or off the router flag for Neighbor Advertisement Messages.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.ndppd.proxies.<name>.rulesThis is a rule that the target address is to match against. If no netmask is provided, /128 is assumed. You may have several rule sections, and the addresses may or may not overlap.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.ndppd.proxies.<name>.rules.<name>.interfaceInterface to use when method is iface.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.ndppd.proxies.<name>.rules.<name>.methodstatic: Immediately answer any Neighbor Solicitation Messages (if they match the IP rule). iface: Forward the Neighbor Solicitation Message through the specified interface and only respond if a matching Neighbor Advertisement Message is received. auto: Same as iface, but instead of manually specifying the outgoing interface, check for a matching route in /proc/net/ipv6_route.
Type: one of "static", "iface", "auto"
Default: "auto"
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.ndppd.proxies.<name>.rules.<name>.networkThis is the target address is to match against. If no netmask is provided, /128 is assumed. The addresses of several rules may or may not overlap. Defaults to the name of the attrset.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.ndppd.proxies.<name>.timeoutControls how long to wait for a Neighbor Advertisement Message before invalidating the entry, in milliseconds.
Type: signed integer
Default: 500
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.ndppd.proxies.<name>.ttlControls how long a valid or invalid entry remains in the cache, in milliseconds.
Type: signed integer
Default: 30000
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.ndppd.routeTTLThis tells 'ndppd' how often to reload the route file /proc/net/ipv6_route, in milliseconds.
Type: signed integer
Default: 30000
Declared by:
<nixpkgs/nixos/modules/services/networking/ndppd.nix>
|
services.neard.enableWhether to enable neard, NFC daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/neard.nix>
|
services.nebula.networksNebula network definitions.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
|
services.nebula.networks.<name>.enableEnable or disable this network.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
|
services.nebula.networks.<name>.packageNebula derivation to use.
Type: package
Default: pkgs.nebula
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
|
services.nebula.networks.<name>.caPath to the certificate authority certificate.
Type: path
Example: "/etc/nebula/ca.crt"
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
|
services.nebula.networks.<name>.certPath to the host certificate.
Type: path
Example: "/etc/nebula/host.crt"
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
|
services.nebula.networks.<name>.firewall.inboundFirewall rules for inbound traffic.
Type: list of (attribute set)
Default: [ ]
Example:
[
{
host = "any";
port = "any";
proto = "any";
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
|
services.nebula.networks.<name>.firewall.outboundFirewall rules for outbound traffic.
Type: list of (attribute set)
Default: [ ]
Example:
[
{
host = "any";
port = "any";
proto = "any";
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
|
services.nebula.networks.<name>.isLighthouseWhether this node is a lighthouse.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
|
services.nebula.networks.<name>.keyPath to the host key.
Type: path
Example: "/etc/nebula/host.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
|
services.nebula.networks.<name>.lighthousesList of IPs of lighthouse hosts this node should report to and query from. This should be empty on lighthouse nodes. The IPs should be the lighthouse's Nebula IPs, not their external IPs.
Type: list of string
Default: [ ]
Example:
[ "192.168.100.1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
|
services.nebula.networks.<name>.listen.hostIP address to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
|
services.nebula.networks.<name>.listen.portPort number to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4242
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
|
services.nebula.networks.<name>.settingsNebula configuration. Refer to https://github.com/slackhq/nebula/blob/master/examples/config.yml for details on supported values.
Type: YAML value
Default: { }
Example:
{
lighthouse.dns = {
host = "0.0.0.0";
port = 53;
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
|
services.nebula.networks.<name>.staticHostMapThe static host map defines a set of hosts with fixed IP addresses on the internet (or any network). A host can have multiple fixed IP addresses defined here, and nebula will try each when establishing a tunnel.
Type: attribute set of list of string
Default: { }
Example:
{
"192.168.100.1" = [
"100.64.22.11:4242"
];
}Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
|
services.nebula.networks.<name>.tun.deviceName of the tun device. Defaults to nebula.${networkName}.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
|
services.nebula.networks.<name>.tun.disableWhen tun is disabled, a lighthouse can be started without a local tun interface (and therefore without root).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nebula.nix>
|
services.neo4j.enableWhether to enable Neo4j Community Edition.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.packageNeo4j package to use.
Type: package
Default: pkgs.neo4j
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.allowUpgradeAllow upgrade of Neo4j database files from an older version.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.bolt.enableEnable the BOLT connector for Neo4j. Setting this option to
false will stop Neo4j from listening for incoming
connections on the BOLT port (7687 by default).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.bolt.listenAddressNeo4j listen address for BOLT traffic. The listen address is
expressed in the format <ip-address>:<port-number>.
Type: string
Default: ":7687"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.bolt.sslPolicyNeo4j SSL policy for BOLT traffic.
The legacy policy is a special policy which is not defined in
the policy configuration section, but rather derives from
directories.certificates and
associated files (by default: neo4j.key and
neo4j.cert). Its use will be deprecated.
Note: This connector must be configured to support/require
SSL/TLS for the legacy policy to actually be utilized. See
bolt.tlsLevel.
Type: string
Default: "legacy"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.bolt.tlsLevelSSL/TSL requirement level for BOLT traffic.
Type: one of "REQUIRED", "OPTIONAL", "DISABLED"
Default: "OPTIONAL"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.constrainLoadCsvSets the root directory for file URLs used with the Cypher
LOAD CSV clause to be that defined by
directories.imports. It restricts
access to only those files within that directory and its
subdirectories.
Setting this option to false introduces
possible security problems.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.defaultListenAddressDefault network interface to listen for incoming connections. To listen for connections on all interfaces, use "0.0.0.0".
Specifies the default IP address and address part of connector
specific listenAddress options. To bind specific
connectors to a specific network interfaces, specify the entire
listenAddress option for that connector.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.directories.certificatesDirectory for storing certificates to be used by Neo4j for TLS connections.
When setting this directory to something other than its default,
ensure the directory's existence, and that read/write permissions are
given to the Neo4j daemon user neo4j.
Note that changing this directory from its default will prevent
the directory structure required for each SSL policy from being
automatically generated. A policy's directory structure as defined by
its baseDirectory,revokedDir and
trustedDir must then be setup manually. The
existence of these directories is mandatory, as well as the presence
of the certificate file and the private key. Ensure the correct
permissions are set on these directories and files.
Type: path
Default: "${config.services.neo4j.directories.home}/certificates"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.directories.dataPath of the data directory. You must not configure more than one Neo4j installation to use the same data directory.
When setting this directory to something other than its default,
ensure the directory's existence, and that read/write permissions are
given to the Neo4j daemon user neo4j.
Type: path
Default: "${config.services.neo4j.directories.home}/data"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.directories.homePath of the Neo4j home directory. Other default directories are
subdirectories of this path. This directory will be created if
non-existent, and its ownership will be chown to
the Neo4j daemon user neo4j.
Type: path
Default: "/var/lib/neo4j"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.directories.importsThe root directory for file URLs used with the Cypher
LOAD CSV clause. Only meaningful when
constrainLoadCvs is set to
true.
When setting this directory to something other than its default,
ensure the directory's existence, and that read permission is
given to the Neo4j daemon user neo4j.
Type: path
Default: "${config.services.neo4j.directories.home}/import"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.directories.pluginsPath of the database plugin directory. Compiled Java JAR files that contain database procedures will be loaded if they are placed in this directory.
When setting this directory to something other than its default,
ensure the directory's existence, and that read permission is
given to the Neo4j daemon user neo4j.
Type: path
Default: "${config.services.neo4j.directories.home}/plugins"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.extraServerConfigExtra configuration for Neo4j Community server. Refer to the complete reference of Neo4j configuration settings.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.http.enableEnable the HTTP connector for Neo4j. Setting this option to
false will stop Neo4j from listening for incoming
connections on the HTTPS port (7474 by default).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.http.listenAddressNeo4j listen address for HTTP traffic. The listen address is
expressed in the format <ip-address>:<port-number>.
Type: string
Default: ":7474"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.https.enableEnable the HTTPS connector for Neo4j. Setting this option to
false will stop Neo4j from listening for incoming
connections on the HTTPS port (7473 by default).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.https.listenAddressNeo4j listen address for HTTPS traffic. The listen address is
expressed in the format <ip-address>:<port-number>.
Type: string
Default: ":7473"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.https.sslPolicyNeo4j SSL policy for HTTPS traffic.
The legacy policy is a special policy which is not defined in the
policy configuration section, but rather derives from
directories.certificates and
associated files (by default: neo4j.key and
neo4j.cert). Its use will be deprecated.
Type: string
Default: "legacy"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.readOnlyOnly allow read operations from this Neo4j instance.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.shell.enableEnable a remote shell server which Neo4j Shell clients can log in to. Only applicable to neo4j-shell.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policiesDefines the SSL policies for use with Neo4j connectors. Each attribute of this set defines a policy, with the attribute name defining the name of the policy and its namespace. Refer to the operations manual section on Neo4j's SSL Framework for further details.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.allowKeyGenerationAllows the generation of a private key and associated self-signed certificate. Only performed when both objects cannot be found for this policy. It is recommended to turn this off again after keys have been generated.
The public certificate is required to be duplicated to the
directory holding trusted certificates as defined by the
trustedDir option.
Keys should in general be generated and distributed offline by a trusted certificate authority and not by utilizing this mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.baseDirectoryThe mandatory base directory for cryptographic objects of this
policy. This path is only automatically generated when this
option as well as directories.certificates are
left at their default. Ensure read/write permissions are given
to the Neo4j daemon user neo4j.
It is also possible to override each individual
configuration with absolute paths. See the
privateKey and publicCertificate
policy options.
Type: path
Default: "${config.services.neo4j.directories.certificates}/${name}"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.ciphersRestrict the allowed ciphers of this policy to those defined here. The default ciphers are those of the JVM platform.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.clientAuthThe client authentication stance for this policy.
Type: one of "NONE", "OPTIONAL", "REQUIRE"
Default: "REQUIRE"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.privateKeyThe name of private PKCS #8 key file for this policy to be found
in the baseDirectory, or the absolute path to
the key file. It is mandatory that a key can be found or generated.
Type: string
Default: "private.key"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.publicCertificateThe name of public X.509 certificate (chain) file in PEM format
for this policy to be found in the baseDirectory,
or the absolute path to the certificate file. It is mandatory
that a certificate can be found or generated.
The public certificate is required to be duplicated to the
directory holding trusted certificates as defined by the
trustedDir option.
Type: string
Default: "public.crt"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.revokedDirPath to directory of CRLs (Certificate Revocation Lists) in
PEM format. Must be an absolute path. The existence of this
directory is mandatory and will need to be created manually when:
setting this option to something other than its default; setting
either this policy's baseDirectory or
directories.certificates to something other than
their default. Ensure read/write permissions are given to the
Neo4j daemon user neo4j.
Type: path
Default: "${config.services.neo4j.ssl.policies.<name>.baseDirectory}/revoked"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.tlsVersionsRestrict the TLS protocol versions of this policy to those defined here.
Type: list of string
Default:
[ "TLSv1.2" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.trustAllMakes this policy trust all remote parties. Enabling this is not recommended and the policy's trusted directory will be ignored. Use of this mode is discouraged. It would offer encryption but no security.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.ssl.policies.<name>.trustedDirPath to directory of X.509 certificates in PEM format for
trusted parties. Must be an absolute path. The existence of this
directory is mandatory and will need to be created manually when:
setting this option to something other than its default; setting
either this policy's baseDirectory or
directories.certificates to something other than
their default. Ensure read/write permissions are given to the
Neo4j daemon user neo4j.
The public certificate as defined by
publicCertificate is required to be duplicated
to this directory.
Type: path
Default: "${config.services.neo4j.ssl.policies.<name>.baseDirectory}/trusted"
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.neo4j.workerCountNumber of Neo4j worker threads, where the default of
0 indicates a worker count equal to the number of
available processors.
Type: integer between 0 and 44738 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/databases/neo4j.nix>
|
services.netatalk.enableWhether to enable the Netatalk AFP fileserver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix>
|
services.netatalk.extmapFile name extension mappings. See extmap.conf(5). for more information.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix>
|
services.netatalk.portTCP port to be used for AFP.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 548
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix>
|
services.netatalk.settingsConfiguration for Netatalk. See afp.conf(5).
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Example:
{
Global = {
"uam list" = "uams_guest.so";
};
Homes = {
"basedir regex" = "/home";
path = "afp-data";
};
example-volume = {
path = "/srv/volume";
"read only" = true;
};
}Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/netatalk.nix>
|
services.netbird.enableWhether to enable Netbird daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/netbird.nix>
|
services.netbird.packageThe package to use for netbird
Type: package
Default: pkgs.netbird
Declared by:
<nixpkgs/nixos/modules/services/networking/netbird.nix>
|
services.netbox.enableEnable Netbox.
This module requires a reverse proxy that serves /static separately.
See this example on how to configure this.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/netbox.nix>
|
services.netbox.enableLdapEnable LDAP-Authentication for Netbox.
This requires a configuration file being pass through ldapConfigPath.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/netbox.nix>
|
services.netbox.dataDirStorage path of netbox.
Type: string
Default: "/var/lib/netbox"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/netbox.nix>
|
services.netbox.extraConfigAdditional lines of configuration appended to the configuration.py.
See the documentation for more possible options.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/netbox.nix>
|
services.netbox.ldapConfigPathPath to the Configuration-File for LDAP-Authentication, will be loaded as ldap_config.py.
See the documentation for possible options.
Type: path
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/netbox.nix>
|
services.netbox.listenAddressAddress the server will listen on.
Type: string
Default: "[::1]"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/netbox.nix>
|
services.netbox.pluginsList of plugin packages to install.
Type: function that evaluates to a(n) list of package
Default:
python3Packages: with python3Packages; [];
Declared by:
<nixpkgs/nixos/modules/services/web-apps/netbox.nix>
|
services.netbox.portPort the server will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8001
Declared by:
<nixpkgs/nixos/modules/services/web-apps/netbox.nix>
|
services.netbox.secretKeyFilePath to a file containing the secret key.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/web-apps/netbox.nix>
|
services.netdata.enableWhether to enable netdata.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
|
services.netdata.enableAnalyticsReportingEnable reporting of anonymous usage statistics to Netdata Inc. via either Google Analytics (in versions prior to 1.29.4), or Netdata Inc.'s self-hosted PostHog (in versions 1.29.4 and later). See: https://learn.netdata.cloud/docs/agent/anonymous-statistics
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
|
services.netdata.packageNetdata package to use.
Type: package
Default: pkgs.netdata
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
|
services.netdata.confignetdata.conf configuration as nix attributes. cannot be combined with configText.
Type: attribute set of (attribute set)
Default: { }
Example:
global = {
"debug log" = "syslog";
"access log" = "syslog";
"error log" = "syslog";
};
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
|
services.netdata.configDirComplete netdata config directory except netdata.conf. The default configuration is merged with changes defined in this option. Each top-level attribute denotes a path in the configuration directory as in environment.etc. Its value is the absolute path and must be readable by netdata. Cannot be combined with configText.
Type: attribute set of path
Default: { }
Example:
"health_alarm_notify.conf" = pkgs.writeText "health_alarm_notify.conf" '' sendmail="/path/to/sendmail" ''; "health.d" = "/run/secrets/netdata/health.d";
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
|
services.netdata.configTextVerbatim netdata.conf, cannot be combined with config.
Type: null or strings concatenated with "\n"
Default: null
Example:
'' [global] debug log = syslog access log = syslog error log = syslog ''
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
|
services.netdata.extraPluginPathsExtra paths to add to the netdata global "plugins directory" option. Useful for when you want to include your own collection scripts.
Details about writing a custom netdata plugin are available at: https://docs.netdata.cloud/collectors/plugins.d/
Cannot be combined with configText.
Type: list of path
Default: [ ]
Example:
[ "/path/to/plugins.d" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
|
services.netdata.groupGroup under which netdata runs.
Type: string
Default: "netdata"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
|
services.netdata.python.enableWhether to enable python-based plugins
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
|
services.netdata.python.extraPackagesExtra python packages available at runtime to enable additional python plugins.
Type: function that evaluates to a(n) list of package
Default: ps: []
Example:
ps: [ ps.psycopg2 ps.docker ps.dnspython ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
|
services.netdata.userUser account under which netdata runs.
Type: string
Default: "netdata"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/netdata.nix>
|
services.networkaudiod.enableWhether to enable Networkaudiod (NAA).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/networkaudiod.nix>
|
services.networking.websockify.enableWhether to enable websockify to forward websocket connections to TCP connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/websockify.nix>
|
services.networking.websockify.portMapPorts to map by default.
Type: attribute set of signed integer
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/websockify.nix>
|
services.networking.websockify.sslCertPath to the SSL certificate.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/websockify.nix>
|
services.networking.websockify.sslKeyPath to the SSL key.
Type: path
Default: config.services.networking.websockify.sslCert
Declared by:
<nixpkgs/nixos/modules/services/networking/websockify.nix>
|
services.nextcloud.enableWhether to enable nextcloud.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.enableBrokenCiphersForSSEThis option enables using the OpenSSL PHP extension linked against OpenSSL 1.1 rather than latest OpenSSL (≥ 3), this is not recommended unless you need it for server-side encryption (SSE). SSE uses the legacy RC4 cipher which is considered broken for several years now. See also RFC7465.
This cipher has been disabled in OpenSSL ≥ 3 and requires a specific legacy profile to re-enable it.
If you deploy Nextcloud using OpenSSL ≥ 3 for PHP and have server-side encryption configured, you will not be able to access your files anymore. Enabling this option can restore access to your files. Upon testing we didn't encounter any data corruption when turning this on and off again, but this cannot be guaranteed for each Nextcloud installation.
It is true by default for systems with a system.stateVersion below
22.11 to make sure that existing installations won't break on update. On newer
NixOS systems you have to explicitly enable it on your own.
Please note that this only provides additional value when using
external storage such as S3 since it's not an end-to-end encryption.
If this is not the case,
it is advised to disable server-side encryption and set this to false.
In the future, Nextcloud may move to AES-256-GCM, by then, this option will be removed.
Type: boolean
Default: versionOlder system.stateVersion "22.11"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.enableImagemagickWhether to enable the ImageMagick module for PHP. This is used by the theming app and for generating previews of certain images (e.g. SVG and HEIF). You may want to disable it for increased security. In that case, previews will still be available for some images (e.g. JPEG and PNG). See https://github.com/nextcloud/server/issues/13099. .
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.packageWhich package to use for the Nextcloud instance.
Type: package
Related packages:
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.appstoreEnableAllow the installation of apps and app updates from the store.
Enabled by default unless there are packages in services.nextcloud.extraApps.
Set to true to force enable the store even if services.nextcloud.extraApps is used.
Set to false to disable the installation of apps from the global appstore. App management is always enabled regardless of this setting.
Type: null or boolean
Default: null
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.autoUpdateApps.enableRun regular auto update of all apps installed from the nextcloud app store.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.autoUpdateApps.startAtWhen to run the update. See systemd.services.<name>.startAt.
Type: string or list of string
Default: "05:00:00"
Example: "Sun 14:00:00"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.caching.apcuWhether to load the APCu module into PHP.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.caching.memcachedWhether to load the Memcached module into PHP. You still need to enable Memcached in your config.php. See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.caching.redisWhether to load the Redis module into PHP. You still need to enable Redis in your config.php. See https://docs.nextcloud.com/server/14/admin_manual/configuration_server/caching_configuration.html
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.adminpassFileThe full path to a file that contains the admin's password. Must be
readable by user nextcloud.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.adminuserAdmin username.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.dbhostDatabase host.
Note: for using Unix authentication with PostgreSQL, this should be
set to /run/postgresql.
Type: null or string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.dbnameDatabase name.
Type: null or string
Default: "nextcloud"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.dbpassFileThe full path to a file that contains the database password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.dbportDatabase port.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.dbtableprefixTable prefix in Nextcloud database.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.dbtypeDatabase type.
Type: one of "sqlite", "pgsql", "mysql"
Default: "sqlite"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.dbuserDatabase user.
Type: null or string
Default: "nextcloud"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.defaultPhoneRegionThis option exists since Nextcloud 21! If older versions are used, this will throw an eval-error!
ISO 3611-1 country codes for automatic phone-number detection without a country code.
With e.g. DE set, the +49 can be omitted for
phone-numbers.
Type: null or string
Default: null
Example: "DE"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.extraTrustedDomainsTrusted domains, from which the nextcloud installation will be
accessible. You don't need to add
services.nextcloud.hostname here.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.objectstore.s3.enableWhether to enable S3 object storage as primary storage.
This mounts a bucket on an Amazon S3 object storage or compatible implementation into the virtual filesystem.
Further details about this feature can be found in the upstream documentation. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.objectstore.s3.autocreateCreate the objectstore if it does not exist.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.objectstore.s3.bucketThe name of the S3 bucket.
Type: string
Example: "nextcloud"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.objectstore.s3.hostnameRequired for some non-Amazon implementations.
Type: null or string
Default: null
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.objectstore.s3.keyThe access key for the S3 bucket.
Type: string
Example: "EJ39ITYZEUH5BGWDRUFY"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.objectstore.s3.portRequired for some non-Amazon implementations.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.objectstore.s3.regionRequired for some non-Amazon implementations.
Type: null or string
Default: null
Example: "REGION"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.objectstore.s3.secretFileThe full path to a file that contains the access secret. Must be
readable by user nextcloud.
Type: string
Example: "/var/nextcloud-objectstore-s3-secret"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.objectstore.s3.usePathStyleRequired for some non-Amazon S3 implementations.
Ordinarily, requests will be made with
http://bucket.hostname.domain/, but with path style
enabled requests are made with
http://hostname.domain/bucket instead.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.objectstore.s3.useSslUse SSL for objectstore access.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.overwriteProtocolForce Nextcloud to always use HTTPS i.e. for link generation. Nextcloud
uses the currently used protocol by default, but when behind a reverse-proxy,
it may use http for everything although Nextcloud
may be served via HTTPS.
Type: null or one of "http", "https"
Default: null
Example: "https"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.config.trustedProxiesTrusted proxies, to provide if the nextcloud installation is being proxied to secure against e.g. spoofing.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.database.createLocallyCreate the database and database user locally. Only available for mysql database. Note that this option will use the latest version of MariaDB which is not officially supported by Nextcloud. As for now a workaround is used to also support MariaDB version >= 10.6.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.datadirData storage path of nextcloud. Will be services.nextcloud.home by default.
This folder will be populated with a config.php and data folder which contains the state of the instance (excl the database).";
Type: string
Default: config.services.nextcloud.home
Example: "/mnt/nextcloud-file"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.extraAppsExtra apps to install. Should be an attrSet of appid to packages generated by fetchNextcloudApp.
The appid must be identical to the "id" value in the apps appinfo/info.xml.
Using this will disable the appstore to prevent Nextcloud from updating these apps (see services.nextcloud.appstoreEnable).
Type: attribute set of package
Default: { }
Example:
{
maps = pkgs.fetchNextcloudApp {
name = "maps";
sha256 = "007y80idqg6b6zk6kjxg4vgw0z8fsxs9lajnv49vv1zjy6jx2i1i";
url = "https://github.com/nextcloud/maps/releases/download/v0.1.9/maps-0.1.9.tar.gz";
version = "0.1.9";
};
phonetrack = pkgs.fetchNextcloudApp {
name = "phonetrack";
sha256 = "0qf366vbahyl27p9mshfma1as4nvql6w75zy2zk5xwwbp343vsbc";
url = "https://gitlab.com/eneiluj/phonetrack-oc/-/wikis/uploads/931aaaf8dca24bf31a7e169a83c17235/phonetrack-0.6.9.tar.gz";
version = "0.6.9";
};
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.extraAppsEnableAutomatically enable the apps in services.nextcloud.extraApps every time nextcloud starts.
If set to false, apps need to be enabled in the Nextcloud user interface or with nextcloud-occ app:enable.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.extraOptionsExtra options which should be appended to nextcloud's config.php file.
Type: JSON value
Default: { }
Example:
{
redis = {
host = "/run/redis/redis.sock";
port = 0;
dbindex = 0;
password = "secret";
timeout = 1.5;
};
} Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.fastcgiTimeoutFastCGI timeout for database connection in seconds.
Type: signed integer
Default: 120
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.globalProfilesMakes user-profiles globally available under nextcloud.tld/u/user.name.
Even though it's enabled by default in Nextcloud, it must be explicitly enabled
here because it has the side-effect that personal information is even accessible to
unauthenticated users by default.
By default, the following properties are set to “Show to everyone” if this flag is enabled:
About
Full name
Headline
Organisation
Profile picture
Role
Website
Only has an effect in Nextcloud 23 and later.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.homeStorage path of nextcloud.
Type: string
Default: "/var/lib/nextcloud"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.hostNameFQDN for the nextcloud instance.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.httpsUse https for generated links.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.logLevelLog level value between 0 (DEBUG) and 4 (FATAL).
Type: integer between 0 and 4 (both inclusive)
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.logTypeLogging backend to use. systemd requires the php-systemd package to be added to services.nextcloud.phpExtraExtensions. See the nextcloud documentation for details.
Type: one of "errorlog", "file", "syslog", "systemd"
Default: "syslog"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.maxUploadSizeDefines the upload limit for files. This changes the relevant options in php.ini and nginx if enabled.
Type: string
Default: "512M"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.nginx.hstsMaxAgeValue for the max-age directive of the HTTP
Strict-Transport-Security header.
See section 6.1.1 of IETF RFC 6797 for detailed information on this directive and header.
Type: positive integer, meaning >0
Default: 15552000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.nginx.recommendedHttpHeadersEnable additional recommended HTTP response headers
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.phpExtraExtensionsAdditional PHP extensions to use for nextcloud. By default, only extensions necessary for a vanilla nextcloud installation are enabled, but you may choose from the list of available extensions and add further ones. This is sometimes necessary to be able to install a certain nextcloud app that has additional requirements.
Type: function that evaluates to a(n) list of package
Default: all: []
Example:
all: [ all.pdlib all.bz2 ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.phpOptionsOptions for PHP's php.ini file for nextcloud.
Type: attribute set of string
Default:
{
catch_workers_output = "yes";
display_errors = "stderr";
error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
expose_php = "Off";
"opcache.enable_cli" = "1";
"opcache.fast_shutdown" = "1";
"opcache.interned_strings_buffer" = "8";
"opcache.max_accelerated_files" = "10000";
"opcache.memory_consumption" = "128";
"opcache.revalidate_freq" = "1";
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
short_open_tag = "Off";
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.phpPackagePHP package to use for Nextcloud.
Type: package
Related packages:
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.poolConfigOptions for nextcloud's PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.poolSettingsOptions for nextcloud's PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = "32";
"pm.max_requests" = "500";
"pm.max_spare_servers" = "4";
"pm.min_spare_servers" = "2";
"pm.start_servers" = "2";
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.secretFileSecret options which will be appended to nextcloud's config.php file (written as JSON, in the same
form as the services.nextcloud.extraOptions option), for example
{"redis":{"password":"secret"}}.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.skeletonDirectoryThe directory where the skeleton files are located. These files will be copied to the data directory of new users. Leave empty to not copy any skeleton files.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextcloud.webfingerEnable this option if you plan on using the webfinger plugin. The appropriate nginx rewrite rules will be added to your configuration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nextcloud.nix>
|
services.nextdns.enableWhether to enable the NextDNS DNS/53 to DoH Proxy service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nextdns.nix>
|
services.nextdns.argumentsAdditional arguments to be passed to nextdns run.
Type: list of string
Default: [ ]
Example:
[ "-config" "10.0.3.0/24=abcdef" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nextdns.nix>
|
services.nexus.enableWhether to enable Sonatype Nexus3 OSS service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
|
services.nexus.packagePackage which runs Nexus3
Type: package
Default: pkgs.nexus
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
|
services.nexus.groupGroup which runs Nexus3.
Type: string
Default: "nexus"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
|
services.nexus.homeHome directory of the Nexus3 instance.
Type: string
Default: "/var/lib/sonatype-work"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
|
services.nexus.jvmOptsOptions for the JVM written to nexus.jvmopts.
Please refer to the docs (https://help.sonatype.com/repomanager3/installation/configuring-the-runtime-environment)
for further information.
Type: strings concatenated with "\n"
Default:
''
-Xms1200M
-Xmx1200M
-XX:MaxDirectMemorySize=2G
-XX:+UnlockDiagnosticVMOptions
-XX:+UnsyncloadClass
-XX:+LogVMOutput
-XX:LogFile=${home}/nexus3/log/jvm.log
-XX:-OmitStackTraceInFastThrow
-Djava.net.preferIPv4Stack=true
-Dkaraf.home=${package}
-Dkaraf.base=${package}
-Dkaraf.etc=${package}/etc/karaf
-Djava.util.logging.config.file=${package}/etc/karaf/java.util.logging.properties
-Dkaraf.data=${home}/nexus3
-Djava.io.tmpdir=${home}/nexus3/tmp
-Dkaraf.startLocalConsole=false
-Djava.endorsed.dirs=${package}/lib/endorsed
''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
|
services.nexus.listenAddressAddress to listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
|
services.nexus.listenPortPort to listen on.
Type: signed integer
Default: 8081
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
|
services.nexus.userUser which runs Nexus3.
Type: string
Default: "nexus"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nexus.nix>
|
services.nfs.extraConfigExtra nfs-utils configuration.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/nfs.nix>
|
services.nfs.idmapd.settingslibnfsidmap configuration. Refer to https://linux.die.net/man/5/idmapd.conf for details.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Example:
{
Translation = {
GSS-Methods = "static,nsswitch";
};
Static = {
"root/hostname.domain.com@REALM.COM" = "root";
};
}
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/nfs.nix>
|
services.nfs.server.enableWhether to enable the kernel's NFS server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.createMountPointsWhether to create the mount points in the exports file at startup time.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.exportsContents of the /etc/exports file. See exports(5) for the format.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.extraNfsdConfigExtra configuration options for the [nfsd] section of /etc/nfs.conf.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.hostNameHostname or address on which NFS requests will be accepted.
Default is all. See the -H option in
nfsd(8).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.lockdPortUse a fixed port for the NFS lock manager kernel module
(lockd/nlockmgr). This is useful if the
NFS server is behind a firewall.
Type: null or signed integer
Default: null
Example: 4001
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.mountdPortUse fixed port for rpc.mountd, useful if server is behind firewall.
Type: null or signed integer
Default: null
Example: 4002
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.nprocNumber of NFS server threads. Defaults to the recommended value of 8.
Type: signed integer
Default: 8
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nfs.server.statdPortUse a fixed port for rpc.statd. This is useful if the NFS server is behind a firewall.
Type: null or signed integer
Default: null
Example: 4000
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/nfsd.nix>
|
services.nghttpx.enableWhether to enable nghttpx.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backend-address-familySpecify address family of backend connections. If "auto" is given, both IPv4 and IPv6 are considered. If "IPv4" is given, only IPv4 address is considered. If "IPv6" is given, only IPv6 address is considered.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--backend-address-family
Type: one of "auto", "IPv4", "IPv6"
Default: "auto"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backendsA list of backend specifications.
Type: list of (submodule)
Example:
[
{
params = {
proto = "http/1.1";
redirect-if-not-tls = true;
};
patterns = [
"/"
];
server = {
host = "172.16.0.22";
port = 8443;
};
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.paramsParameters to configure a backend.
Type: null or (submodule)
Default: null
Example:
{
proto = "h2";
tls = true;
}Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.params.affinityIf "ip" is given, client IP based session affinity is enabled. If "none" is given, session affinity is disabled.
Session affinity is enabled (by nghttpx) per-backend pattern. If at least one backend has a non-"none" affinity, then session affinity is enabled for all backend servers sharing the same pattern.
It is advised to set affinity on all backends explicitly if session affinity is desired. The session affinity may break if one of the backend gets unreachable, or backend settings are reloaded or replaced by API.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: one of "ip", "none"
Default: "none"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.params.dnsName resolution of a backends host name is done at start up, or configuration reload. If "dns" is true, name resolution takes place dynamically.
This is useful if a backends address changes frequently. If "dns" is true, name resolution of a backend's host name at start up, or configuration reload is skipped.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.params.fallIf nghttpx cannot connect to the backend N times in a row, the backend is assumed to be offline and is excluded from load balancing. If N is 0 the backend is never excluded from load balancing.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.params.protoThis option configures the protocol the backend server expects to use.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: one of "h2", "http/1.1"
Default: "http/1.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.params.redirect-if-not-tlsIf true, a backend match requires the frontend connection be TLS encrypted. If it is not, nghttpx responds to the request with a 308 status code and https URI the client should use instead in the Location header.
The port number in the redirect URI is 443 by default and can be changed using 'services.nghttpx.redirect-https-port' option.
If at least one backend has "redirect-if-not-tls" set to true, this feature is enabled for all backend servers with the same pattern. It is advised to set "redirect-if-no-tls" parameter to all backends explicitly if this feature is desired.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.params.riseIf the backend is excluded from load balancing, nghttpx will periodically attempt to make a connection to the backend. If the connection is successful N times in a row the backend is re-included in load balancing. If N is 0 a backend is never reconsidered for load balancing once it falls.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.params.sniOverride the TLS SNI field value. This value (in nghttpx) defaults to the host value of the backend configuration.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.params.tlsThis option determines whether nghttpx will negotiate its connection with a backend server using TLS or not. The burden is on the backend server to provide the TLS certificate!
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more detail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.patternsList of nghttpx backend patterns.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-b for more information on the pattern syntax and nghttpxs behavior.
Type: list of string
Default: [ ]
Example:
[ "*.host.net/v1/" "host.org/v2/mypath" "/somepath" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backends.*.serverBackend server location specified as either a host:port pair or a unix domain docket.
Type: (submodule) or path
Default:
{
host = "127.0.0.1";
port = 80;
}Example:
{
host = "127.0.0.1";
port = 8888;
}Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.backlogListen backlog size.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--backlog
Type: signed integer
Default: 65536
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.extraConfigExtra configuration options to be appended to the generated configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.frontendsA list of frontend listener specifications.
Type: list of (submodule)
Example:
[
{
params = {
tls = "no-tls";
};
server = {
host = "*";
port = 80;
};
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.frontends.*.paramsParameters to configure a backend.
Type: null or (submodule)
Default: null
Example:
{
tls = "tls";
}Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.frontends.*.params.apiEnable API access for this frontend. This enables you to dynamically modify nghttpx at run-time therefore this feature is disabled by default and should be turned on with care.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.frontends.*.params.healthmonMake this frontend a health monitor endpoint. Any request received on this frontend is responded to with a 200 OK.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.frontends.*.params.proxyprotoAccept PROXY protocol version 1 on frontend connection.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.frontends.*.params.sni-fwdWhen performing a match to select a backend server, SNI host name received from the client is used instead of the request host. See --backend option about the pattern match.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.frontends.*.params.tlsEnable or disable TLS. If true (enabled) the key and certificate must be configured for nghttpx.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-f for more detail.
Type: one of "tls", "no-tls"
Default: "tls"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.frontends.*.serverFrontend server interface binding specification as either a host:port pair or a unix domain docket.
NB: a host of "*" listens on all interfaces and includes IPv6 addresses.
Type: (submodule) or path
Default:
{
host = "127.0.0.1";
port = 80;
}Example:
{
host = "127.0.0.1";
port = 8888;
}Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.rlimit-nofileSet maximum number of open files (RLIMIT_NOFILE) to <N>. If 0 is given, nghttpx does not set the limit.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--rlimit-nofile
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.single-processRun this program in a single process mode for debugging purpose. Without this option, nghttpx creates at least 2 processes: master and worker processes. If this option is used, master and worker are unified into a single process. nghttpx still spawns additional process if neverbleed is used. In the single process mode, the signal handling feature is disabled.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--single-process
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.single-threadRun everything in one thread inside the worker process. This feature is provided for better debugging experience, or for the platforms which lack thread support. If threading is disabled, this option is always enabled.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx--single-thread
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.tlsTLS certificate and key paths. Note that this does not enable
TLS for a frontend listener, to do so, a frontend
specification must set params.tls to true.
Type: null or (submodule)
Default: null
Example:
{
crt = "/etc/ssl/certs/server.crt";
key = "/etc/ssl/keys/server.key";
}Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.tls.crtPath to the TLS certificate file.
Type: string
Default: "/etc/ssl/certs/server.crt"
Example: "/etc/ssl/certs/mycert.crt"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.tls.keyPath to the TLS key file.
Type: string
Default: "/etc/ssl/keys/server.key"
Example: "/etc/ssl/keys/mykeyfile.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nghttpx.workersSet the number of worker threads.
Please see https://nghttp2.org/documentation/nghttpx.1.html#cmdoption-nghttpx-n
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/nghttpx/nghttpx-options.nix>
|
services.nginx.enableWhether to enable Nginx Web Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.enableReloadReload nginx when configuration file changes (instead of restart).
The configuration file is exposed at /etc/nginx/nginx.conf.
See also systemd.services.*.restartIfChanged.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.packageNginx package to use. This defaults to the stable version. Note
that the nginx team recommends to use the mainline version which
available in nixpkgs as nginxMainline.
Type: package
Default: pkgs.nginxStable
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.additionalModulesAdditional third-party nginx modules
to install. Packaged modules are available in
pkgs.nginxModules.
Type: list of attribute set of anything
Default: [ ]
Example: [ pkgs.nginxModules.brotli ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.appendConfigConfiguration lines appended to the generated Nginx
configuration file. Commonly used by different modules
providing http snippets. appendConfig
can be specified more than once and it's value will be
concatenated (contrary to config which
can be set only once).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.appendHttpConfigConfiguration lines to be appended to the generated http block. This is mutually exclusive with using config and httpConfig for specifying the whole http block verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.clientMaxBodySizeSet nginx global client_max_body_size.
Type: string
Default: "10m"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.commonHttpConfigWith nginx you must provide common http context definitions before they are used, e.g. log_format, resolver, etc. inside of server or location contexts. Use this attribute to set these definitions at the appropriate location.
Type: strings concatenated with "\n"
Default: ""
Example:
''
resolver 127.0.0.1 valid=5s;
log_format myformat '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
''Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.configVerbatim nginx.conf configuration.
This is mutually exclusive to any other config option for
nginx.conf except for
If additional verbatim config in addition to other options is needed,
services.nginx.appendConfig should be used instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.defaultHTTPListenPortIf vhosts do not specify listen.port, use these ports for HTTP by default.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Example: 8080
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.defaultListenAddressesIf vhosts do not specify listenAddresses, use these addresses by default.
Type: list of string
Default: [ "0.0.0.0" ] ++ lib.optional config.networking.enableIPv6 "[::0]"
Example: [ "10.0.0.12" "[2002:a00:1::]" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.defaultSSLListenPortIf vhosts do not specify listen.port, use these ports for SSL by default.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 443
Example: 8443
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.eventsConfigConfiguration lines to be set inside the events block.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.gitweb.enableIf true, enable gitweb in nginx.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/gitweb.nix>
|
services.nginx.gitweb.groupGroup that the CGI process will belong to. (Set to config.services.gitolite.group if you are using gitolite.)
Type: string
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/gitweb.nix>
|
services.nginx.gitweb.locationLocation to serve gitweb on.
Type: string
Default: "/gitweb"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/gitweb.nix>
|
services.nginx.gitweb.userExisting user that the CGI process will belong to. (Default almost surely will do.)
Type: string
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/gitweb.nix>
|
services.nginx.gitweb.virtualHostVirtualHost to serve gitweb on. Default is catch-all.
Type: string
Default: "_"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/gitweb.nix>
|
services.nginx.groupGroup account under which nginx runs.
Type: string
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.httpConfigConfiguration lines to be set inside the http block. This is mutually exclusive with the structured configuration via virtualHosts and the recommendedXyzSettings configuration options. See appendHttpConfig for appending to the generated http block.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.logErrorConfigures logging. The first parameter defines a file that will store the log. The special value stderr selects the standard error file. Logging to syslog can be configured by specifying the “syslog:” prefix. The second parameter determines the level of logging, and can be one of the following: debug, info, notice, warn, error, crit, alert, or emerg. Log levels above are listed in the order of increasing severity. Setting a certain log level will cause all messages of the specified and more severe log levels to be logged. If this parameter is omitted then error is used.
Type: string
Default: "stderr"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.mapHashBucketSizeSets the bucket size for the map variables hash tables. Default value depends on the processor’s cache line size.
Type: null or one of 32, 64, 128
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.mapHashMaxSizeSets the maximum size of the map variables hash tables.
Type: null or positive integer, meaning >0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.preStartShell commands executed before the service's nginx is started.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.proxyCacheConfigure proxy cache
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.proxyCache.enableWhether to enable Enable proxy cache.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.proxyCache.inactiveCached data that has not been accessed for the time specified by the inactive parameter is removed from the cache, regardless of its freshness.
Type: string
Default: "10m"
Example: "1d"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.proxyCache.keysZoneNameSet name to shared memory zone.
Type: string
Default: "cache"
Example: "my_cache"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.proxyCache.keysZoneSizeSet size to shared memory zone.
Type: string
Default: "10m"
Example: "32m"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.proxyCache.levelsThe levels parameter defines structure of subdirectories in cache: from 1 to 3, each level accepts values 1 or 2. Сan be used any combination of 1 and 2 in these formats: x, x:x and x:x:x.
Type: string
Default: "1:2"
Example: "1:2:2"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.proxyCache.maxSizeSet maximum cache size
Type: string
Default: "1g"
Example: "2048m"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.proxyCache.useTempPathNginx first writes files that are destined for the cache to a temporary storage area, and the use_temp_path=off directive instructs Nginx to write them to the same directories where they will be cached. Recommended that you set this parameter to off to avoid unnecessary copying of data between file systems.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.proxyResolveWhileRunningResolves domains of proxyPass targets at runtime and not only at start, you have to set services.nginx.resolver, too.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.proxyTimeoutChange the proxy related timeouts in recommendedProxySettings.
Type: string
Default: "60s"
Example: "20s"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.recommendedGzipSettingsEnable recommended gzip settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.recommendedOptimisationEnable recommended optimisation settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.recommendedProxySettingsWhether to enable recommended proxy settings if a vhost does not specify the option manually.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.recommendedTlsSettingsEnable recommended TLS settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.resolverConfigures name servers used to resolve names of upstream servers into addresses
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.resolver.addressesList of resolvers to use
Type: list of string
Default: [ ]
Example: [ "[::1]" "127.0.0.1:5353" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.resolver.ipv6By default, nginx will look up both IPv4 and IPv6 addresses while resolving. If looking up of IPv6 addresses is not desired, the ipv6=off parameter can be specified.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.resolver.validBy default, nginx caches answers using the TTL value of a response. An optional valid parameter allows overriding it
Type: string
Default: ""
Example: "30s"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.serverNamesHashBucketSizeSets the bucket size for the server names hash tables. Default value depends on the processor’s cache line size.
Type: null or positive integer, meaning >0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.serverNamesHashMaxSizeSets the maximum size of the server names hash tables.
Type: null or positive integer, meaning >0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.serverTokensShow nginx version in headers and error pages.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.sslCiphersCiphers to choose from when negotiating TLS handshakes.
Type: null or string
Default: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.sslDhparamPath to DH parameters file.
Type: null or path
Default: null
Example: "/path/to/dhparams.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.sslProtocolsAllowed TLS protocol versions.
Type: string
Default: "TLSv1.2 TLSv1.3"
Example: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.sso.enableWhether to enable nginx-sso service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/nginx-sso.nix>
|
services.nginx.sso.packageThe nginx-sso package that should be used.
Type: package
Default: pkgs.nginx-sso
Declared by:
<nixpkgs/nixos/modules/services/security/nginx-sso.nix>
|
services.nginx.sso.configurationnginx-sso configuration (documentation) as a Nix attribute set.
Type: attribute set of unspecified value
Default: { }
Example:
{
listen = { addr = "127.0.0.1"; port = 8080; };
providers.token.tokens = {
myuser = "MyToken";
};
acl = {
rule_sets = [
{
rules = [ { field = "x-application"; equals = "MyApp"; } ];
allow = [ "myuser" ];
}
];
};
}
Declared by:
<nixpkgs/nixos/modules/services/security/nginx-sso.nix>
|
services.nginx.statusPageEnable status page reachable from localhost on http://127.0.0.1/nginx_status.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.streamConfigConfiguration lines to be set inside the stream block.
Type: strings concatenated with "\n"
Default: ""
Example:
''
server {
listen 127.0.0.1:53 udp reuseport;
proxy_timeout 20s;
proxy_pass 192.168.0.1:53535;
}
''Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.upstreamsDefines a group of servers to use as proxy target.
Type: attribute set of (submodule)
Default: { }
Example:
"backend_server" = {
servers = { "127.0.0.1:8000" = {}; };
extraConfig = '''
keepalive 16;
''';
};
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.upstreams.<name>.extraConfigThese lines go to the end of the upstream verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.upstreams.<name>.serversDefines the address and other parameters of the upstream servers.
Type: attribute set of (submodule)
Default: { }
Example:
{
"127.0.0.1:8000" = { };
}Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.upstreams.<name>.servers.<name>.backupMarks the server as a backup server. It will be passed requests when the primary servers are unavailable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.userUser account under which nginx runs.
Type: string
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHostsDeclarative vhost config
Type: attribute set of (submodule)
Default:
{
localhost = { };
}Example:
{
"hydra.example.com" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:3000";
};
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.enableACMEWhether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.acmeFallbackHostHost which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.acmeRootDirectory for the ACME challenge, which is public. Don't put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.addSSLWhether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.basicAuthBasic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default: { }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.basicAuthFileBasic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.defaultMakes this vhost the default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.extraConfigThese lines go to the end of the vhost verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.forceSSLWhether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.globalRedirectIf set, all requests for this host are redirected permanently to the given hostname.
Type: null or string
Default: null
Example: "newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.http2Whether to enable HTTP 2. Note that (as of writing) due to nginx's implementation, to disable HTTP 2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2,then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.http3Whether to enable HTTP 3.
This requires using pkgs.nginxQuic package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;.
Note that HTTP 3 support is experimental and
not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.kTLSWhether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Required Nginx version 1.21.4 or later.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.listenListen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL
and onlySSL.
If you only want to set the addresses manually and not
the ports, take a look at listenAddresses
Type: list of (submodule)
Default: [ ]
Example:
[
{
addr = "195.154.1.1";
port = 443;
ssl = true;
}
{
addr = "192.154.1.1";
port = 80;
}
]Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.listen.*.addrIP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.listen.*.extraParametersExtra parameters of this listen directive.
Type: list of string
Default: [ ]
Example:
[ "backlog=1024" "deferred" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.listen.*.portPort number.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.listen.*.sslEnable SSL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.listenAddressesListen addresses for this virtual host.
Compared to listen this only sets the addresses
and the ports are chosen automatically.
Note: This option overrides enableIPv6
Type: list of string
Default: [ ]
Example:
[ "127.0.0.1" "[::1]" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locationsDeclarative location config
Type: attribute set of (submodule)
Default: { }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.aliasAlias directory for requests.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.basicAuthBasic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default: { }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.basicAuthFileBasic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.extraConfigThese lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.fastcgiParamsFastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won't unset the default values for other parameters.
Type: attribute set of (string or path)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.indexAdds index directive.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.priorityOrder of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have
a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.proxyPassAdds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.proxyWebsocketsWhether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.recommendedProxySettingsEnable recommended proxy settings.
Type: boolean
Default: config.services.nginx.recommendedProxySettings
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.returnAdds a return directive, for e.g. redirections.
Type: null or string
Default: null
Example: "301 http://example.com$request_uri"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.rootRoot directory for requests.
Type: null or path
Default: null
Example: "/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.locations.<name>.tryFilesAdds try_files directive.
Type: null or string
Default: null
Example: "$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.onlySSLWhether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.rejectSSLWhether to listen for and reject all HTTPS connections to this vhost. Useful in
default
server blocks to avoid serving the certificate for another vhost. Uses the
ssl_reject_handshake directive available in nginx versions
1.19.4 and above.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.reuseportCreate an individual listening socket . It is required to specify only once on one of the hosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.rootThe path of the web root directory.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default: [ ]
Example:
[ "www.example.org" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.serverNameName of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default: null
Example: "example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.sslCertificatePath to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.sslCertificateKeyPath to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.sslTrustedCertificatePath to root SSL certificate for stapling and client certificates.
Type: null or path
Default: null
Example: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.nginx.virtualHosts.<name>.useACMEHostA host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/nginx/default.nix>
|
services.ngircd.enableWhether to enable the ngircd IRC server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ngircd.nix>
|
services.ngircd.packageThe ngircd package.
Type: package
Default: pkgs.ngircd
Declared by:
<nixpkgs/nixos/modules/services/networking/ngircd.nix>
|
services.ngircd.configThe ngircd configuration (see ngircd.conf(5)).
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/networking/ngircd.nix>
|
services.nifi.enableWhether to enable Apache NiFi.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nifi.nix>
|
services.nifi.enableHTTPSEnable HTTPS protocol. Don`t use in production.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nifi.nix>
|
services.nifi.packageApache NiFi package to use.
Type: package
Default: pkgs.nifi
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nifi.nix>
|
services.nifi.groupGroup account where Apache NiFi runs.
Type: string
Default: "nifi"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nifi.nix>
|
services.nifi.initJavaHeapSizeSet the initial heap size for the JVM in MB.
Type: null or signed integer
Default: null
Example: 1024
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nifi.nix>
|
services.nifi.initPasswordFilenitial password for Apache NiFi. Password must be at least 12 characters.
Type: null or path
Default: null
Example: "/run/keys/nifi/password-nifi"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nifi.nix>
|
services.nifi.initUserInitial user account for Apache NiFi. Username must be at least 4 characters.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nifi.nix>
|
services.nifi.listenHostBind to an ip for Apache NiFi web-ui.
Type: string
Default:
if config.services.nifi.enableHTTPS then "0.0.0.0" else "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nifi.nix>
|
services.nifi.listenPortBind to a port for Apache NiFi web-ui.
Type: signed integer
Default:
if config.services.nifi.enableHTTPS then "8443" else "8000"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nifi.nix>
|
services.nifi.maxJavaHeapSizeSet the initial heap size for the JVM in MB.
Type: null or signed integer
Default: null
Example: 2048
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nifi.nix>
|
services.nifi.proxyHostAllow requests from a specific host.
Type: null or string
Default:
if config.services.nifi.enableHTTPS then "0.0.0.0" else null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nifi.nix>
|
services.nifi.proxyPortAllow requests from a specific port.
Type: null or signed integer
Default:
if config.services.nifi.enableHTTPS then "8443" else null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nifi.nix>
|
services.nifi.userUser account where Apache NiFi runs.
Type: string
Default: "nifi"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/nifi.nix>
|
services.nitter.enableWhether to enable If enabled, start Nitter..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.packageThe nitter derivation to use.
Type: package
Default: pkgs.nitter
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.cache.listMinutesHow long to cache list info (not the tweets, so keep it high).
Type: signed integer
Default: 240
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.cache.redisConnectionsRedis connection pool size.
Type: signed integer
Default: 20
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.cache.redisHostRedis host.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.cache.redisMaxConnectionsMaximum number of connections to Redis.
New connections are opened when none are available, but if the pool size goes above this, they are closed when released, do not worry about this unless you receive tons of requests per second.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.cache.redisPortRedis port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6379
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.cache.rssMinutesHow long to cache RSS queries.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.config.base64MediaUse base64 encoding for proxied media URLs.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.config.tokenCountMinimum amount of usable tokens.
Tokens are used to authorize API requests, but they expire after ~1 hour, and have a limit of 187 requests. The limit gets reset every 15 minutes, and the pool is filled up so there is always at least tokenCount usable tokens. Only increase this if you receive major bursts all the time.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.openFirewallOpen ports in the firewall for Nitter web interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.preferences.autoplayGifsAutoplay GIFs.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.preferences.bidiSupportSupport bidirectional text (makes clicking on tweets harder).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.preferences.hideBannerHide profile banner.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.preferences.hidePinsHide pinned tweets.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.preferences.hideRepliesHide tweet replies.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.preferences.hideTweetStatsHide tweet stats (replies, retweets, likes).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.preferences.hlsPlaybackEnable HLS video streaming (requires JavaScript).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.preferences.infiniteScrollInfinite scrolling (requires JavaScript, experimental!).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.preferences.mp4PlaybackEnable MP4 video playback.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.preferences.muteVideosMute videos by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.preferences.proxyVideosProxy video streaming through the server (might be slow).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.preferences.replaceInstagramReplace Instagram links with links to this instance (blank to disable).
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.preferences.replaceTwitterReplace Twitter links with links to this instance (blank to disable).
Type: string
Default: ""
Example: "nitter.net"
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.preferences.replaceYouTubeReplace YouTube links with links to this instance (blank to disable).
Type: string
Default: ""
Example: "piped.kavin.rocks"
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.preferences.stickyProfileMake profile sidebar stick to top.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.preferences.themeInstance theme.
Type: string
Default: "Nitter"
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.redisCreateLocallyConfigure local Redis server for Nitter.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.server.addressThe address to listen on.
Type: string
Default: "0.0.0.0"
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.server.hostnameHostname of the instance.
Type: string
Default: "localhost"
Example: "nitter.net"
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.server.httpMaxConnectionsMaximum number of HTTP connections.
Type: signed integer
Default: 100
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.server.httpsSet secure attribute on cookies. Keep it disabled to enable cookies when not using HTTPS.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.server.portThe port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Example: 8000
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.server.staticDirPath to the static files directory.
Type: path
Default: "${config.services.nitter.package}/share/nitter/public"
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.server.titleTitle of the instance.
Type: string
Default: "nitter"
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nitter.settingsAdd settings here to override NixOS module generated settings.
Check the official repository for the available settings: https://github.com/zedeus/nitter/blob/master/nitter.example.conf
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/nitter.nix>
|
services.nix-serve.enableWhether to enable nix-serve, the standalone Nix binary cache server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-serve.nix>
|
services.nix-serve.packagenix-serve package to use.
Type: package
Default: pkgs.nix-serve
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-serve.nix>
|
services.nix-serve.bindAddressIP address where nix-serve will bind its listening socket.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-serve.nix>
|
services.nix-serve.extraParamsExtra command line parameters for nix-serve.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-serve.nix>
|
services.nix-serve.openFirewallOpen ports in the firewall for nix-serve.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-serve.nix>
|
services.nix-serve.portPort number where nix-serve will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-serve.nix>
|
services.nix-serve.secretKeyFileThe path to the file used for signing derivation data. Generate with:
nix-store --generate-binary-cache-key key-name secret-key-file public-key-file
For more details see nix-store(1).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-serve.nix>
|
services.nix-store-gcs-proxyAn attribute set describing an HTTP to GCS proxy that allows us to use GCS bucket via HTTP protocol.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-store-gcs-proxy.nix>
|
services.nix-store-gcs-proxy.<name>.enableWhether to enable proxy for this bucket
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-store-gcs-proxy.nix>
|
services.nix-store-gcs-proxy.<name>.addressThe address of the proxy.
Type: string
Example: "localhost:3000"
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-store-gcs-proxy.nix>
|
services.nix-store-gcs-proxy.<name>.bucketNameName of Google storage bucket
Type: string
Default: "‹name›"
Example: "my-bucket-name"
Declared by:
<nixpkgs/nixos/modules/services/networking/nix-store-gcs-proxy.nix>
|
services.nixops-dns.enableWhether to enable the nixops-dns resolution of NixOps virtual machines via dnsmasq and fake domain name.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nixops-dns.nix>
|
services.nixops-dns.dnsmasqEnable dnsmasq forwarding to nixops-dns. This allows to use
nixops-dns for services.nixops-dns.domain resolution
while forwarding the rest of the queries to original resolvers.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nixops-dns.nix>
|
services.nixops-dns.domainFake domain name to resolve to NixOps virtual machines.
For example "ops" will resolve "vm.ops".
Type: string
Default: "ops"
Declared by:
<nixpkgs/nixos/modules/services/networking/nixops-dns.nix>
|
services.nixops-dns.userThe user the nixops-dns daemon should run as. This should be the user, which is also used for nixops and have the .nixops directory in its home.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nixops-dns.nix>
|
services.nntp-proxy.enableWhether to enable NNTP-Proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.listenAddressProxy listen address (IPv6 literal addresses need to be enclosed in "[" and "]" characters)
Type: string
Default: "127.0.0.1"
Example: "[::]"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.portProxy listen port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5555
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.prohibitPostingWhether to prohibit posting to the upstream server
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.sslCertProxy ssl certificate path
Type: string
Default: "cert.pem"
Example: "/path/to/your/cert.file"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.sslKeyProxy ssl key path
Type: string
Default: "key.pem"
Example: "/path/to/your/key.file"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.upstreamMaxConnectionsUpstream server maximum allowed concurrent connections
Type: signed integer
Default: 20
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.upstreamPasswordUpstream server password
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.upstreamPortUpstream server port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 563
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.upstreamServerUpstream server address
Type: string
Default: ""
Example: "ssl-eu.astraweb.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.upstreamUserUpstream server username
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.usersNNTP-Proxy user configuration
Type: attribute set of (submodule)
Default: { }
Example:
{
"user1" = {
passwordHash = "$6$1l0t5Kn2Dk$appzivc./9l/kjq57eg5UCsBKlcfyCr0zNWYNerKoPsI1d7eAwiT0SVsOVx/CTgaBNT/u4fi2vN.iGlPfv1ek0";
maxConnections = 5;
};
"anotheruser" = {
passwordHash = "$6$6lwEsWB.TmsS$W7m1riUx4QrA8pKJz8hvff0dnF1NwtZXgdjmGqA1Dx2MDPj07tI9GNcb0SWlMglE.2/hBgynDdAd/XqqtRqVQ0";
maxConnections = 7;
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.users.<name>.maxConnectionsMaximum number of concurrent connections to the proxy for this user
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.users.<name>.passwordHashSHA-512 password hash (can be generated by
mkpasswd -m sha-512 <password>)
Type: string
Example: "$6$GtzE7FrpE$wwuVgFYU.TZH4Rz.Snjxk9XGua89IeVwPQ/fEUD8eujr40q5Y021yhn0aNcsQ2Ifw.BLclyzvzgegopgKcneL0"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.users.<name>.usernameUsername
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.nntp-proxy.verbosityVerbosity level
Type: one of "error", "warning", "notice", "info", "debug"
Default: "info"
Example: "error"
Declared by:
<nixpkgs/nixos/modules/services/networking/nntp-proxy.nix>
|
services.node-red.enableWhether to enable the Node-RED service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
|
services.node-red.packageNode-RED package to use.
Type: package
Default: pkgs.nodePackages.node-red
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
|
services.node-red.configFilePath to the JavaScript configuration file. See https://github.com/node-red/node-red/blob/master/packages/node_modules/node-red/settings.js for a configuration example.
Type: path
Default: "${package}/lib/node_modules/node-red/settings.js"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
|
services.node-red.defineList of settings.js overrides to pass via -D to Node-RED.
Type: attribute set
Default: { }
Example:
{
"logging.console.level" = "trace";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
|
services.node-red.groupGroup under which Node-RED runs.If left as the default value this group will automatically be created on system activation, otherwise the sysadmin is responsible for ensuring the group exists.
Type: string
Default: "node-red"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
|
services.node-red.openFirewallOpen ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
|
services.node-red.portListening port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1880
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
|
services.node-red.safeWhether to launch Node-RED in --safe mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
|
services.node-red.userUser under which Node-RED runs.If left as the default value this user will automatically be created on system activation, otherwise the sysadmin is responsible for ensuring the user exists.
Type: string
Default: "node-red"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
|
services.node-red.userDirThe directory to store all user data, such as flow and credential files and all library data. If left as the default value this directory will automatically be created before the node-red service starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default: "/var/lib/node-red"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
|
services.node-red.withNpmAndGccGive Node-RED access to NPM and GCC at runtime, so 'Nodes' can be downloaded and managed imperatively via the 'Palette Manager'.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/node-red.nix>
|
services.nomad.enableWhether to enable Nomad, a distributed, highly available, datacenter-aware scheduler.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nomad.nix>
|
services.nomad.enableDockerEnable Docker support. Needed for Nomad's docker driver.
Note that the docker group membership is effectively equivalent to being root, see https://github.com/moby/moby/issues/9976.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nomad.nix>
|
services.nomad.packageThe package used for the Nomad agent and CLI.
Type: package
Default: pkgs.nomad
Declared by:
<nixpkgs/nixos/modules/services/networking/nomad.nix>
|
services.nomad.dropPrivilegesWhether the nomad agent should be run as a non-root nomad user.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nomad.nix>
|
services.nomad.extraPackagesExtra packages to add to PATH for the Nomad agent process.
Type: list of package
Default: [ ]
Example:
with pkgs; [ cni-plugins ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nomad.nix>
|
services.nomad.extraSettingsPathsAdditional settings paths used to configure nomad. These can be files or directories.
Type: list of path
Default: [ ]
Example:
[ "/etc/nomad-mutable.json" "/run/keys/nomad-with-secrets.json" "/etc/nomad/config.d" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nomad.nix>
|
services.nomad.extraSettingsPluginsAdditional plugins dir used to configure nomad.
Type: list of (package or path)
Default: [ ]
Example:
[ "<pluginDir>" pkgs.<plugins-name> ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nomad.nix>
|
services.nomad.settingsConfiguration for Nomad. See the documentation for supported values.
Notes about data_dir:
If data_dir is set to a value other than the
default value of "/var/lib/nomad" it is the Nomad
cluster manager's responsibility to make sure that this directory
exists and has the appropriate permissions.
Additionally, if dropPrivileges is
true then data_dir
cannot be customized. Setting
dropPrivileges to true enables
the DynamicUser feature of systemd which directly
manages and operates on StateDirectory.
Type: JSON value
Default: { }
Example:
{
# A minimal config example:
server = {
enabled = true;
bootstrap_expect = 1; # for demo; no fault tolerance
};
client = {
enabled = true;
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/nomad.nix>
|
services.novacomd.enableWhether to enable Novacom service for connecting to WebOS devices.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/novacomd.nix>
|
services.nscd.enableWhether to enable the Name Service Cache Daemon. Disabling this is strongly discouraged, as this effectively disables NSS Lookups from all non-glibc NSS modules, including the ones provided by systemd.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/system/nscd.nix>
|
services.nscd.enableNsncdWhether to use nsncd instead of nscd. This is a nscd-compatible daemon, that proxies lookups, without any caching.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/nscd.nix>
|
services.nscd.packagepackage containing the nscd binary to be used by the service. Ignored when enableNsncd is set to true.
Type: package
Default:
if pkgs.stdenv.hostPlatform.libc == "glibc" then pkgs.stdenv.cc.libc.bin else pkgs.glibc.bin;
Declared by:
<nixpkgs/nixos/modules/services/system/nscd.nix>
|
services.nscd.configConfiguration to use for Name Service Cache Daemon.
Type: strings concatenated with "\n"
Default:
'' # We basically use nscd as a proxy for forwarding nss requests to appropriate # nss modules, as we run nscd with LD_LIBRARY_PATH set to the directory # containing all such modules # Note that we can not use `enable-cache no` As this will actually cause nscd # to just reject the nss requests it receives, which then causes glibc to # fallback to trying to handle the request by itself. Which won't work as glibc # is not aware of the path in which the nss modules live. As a workaround, we # have `enable-cache yes` with an explicit ttl of 0 server-user nscd enable-cache passwd yes positive-time-to-live passwd 0 negative-time-to-live passwd 0 shared passwd yes enable-cache group yes positive-time-to-live group 0 negative-time-to-live group 0 shared group yes enable-cache netgroup yes positive-time-to-live netgroup 0 negative-time-to-live netgroup 0 shared netgroup yes enable-cache hosts yes positive-time-to-live hosts 0 negative-time-to-live hosts 0 shared hosts yes enable-cache services yes positive-time-to-live services 0 negative-time-to-live services 0 shared services yes ''
Declared by:
<nixpkgs/nixos/modules/services/system/nscd.nix>
|
services.nscd.groupUser group under which nscd runs.
Type: string
Default: "nscd"
Declared by:
<nixpkgs/nixos/modules/services/system/nscd.nix>
|
services.nscd.userUser account under which nscd runs.
Type: string
Default: "nscd"
Declared by:
<nixpkgs/nixos/modules/services/system/nscd.nix>
|
services.nsd.enableWhether to enable NSD authoritative DNS server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.bind8StatsWhether to enable BIND8 like statistics.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.dnssecIntervalHow often to check whether dnssec key rollover is required
Type: string
Default: "1h"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.extraConfigExtra nsd config.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.hideVersionWhether NSD should answer VERSION.BIND and VERSION.SERVER CHAOS class queries.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.identityIdentify the server (CH TXT ID.SERVER entry).
Type: string
Default: "unidentified server"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.interfacesWhat addresses the server should listen to.
Type: list of string
Default:
[ "127.0.0.0" "::1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ipFreebindWhether to bind to nonlocal addresses and interfaces that are down. Similar to ip-transparent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ipTransparentAllow binding to non local addresses.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ipv4Whether to listen on IPv4 connections.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ipv4EDNSSizePreferred EDNS buffer size for IPv4.
Type: signed integer
Default: 4096
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ipv6Whether to listen on IPv6 connections.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ipv6EDNSSizePreferred EDNS buffer size for IPv6.
Type: signed integer
Default: 4096
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.keysDefine your TSIG keys here.
Type: attribute set of (submodule)
Default: { }
Example:
{ "tsig.example.org" = {
algorithm = "hmac-md5";
keyFile = "/path/to/my/key";
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.keys.<name>.algorithmAuthentication algorithm for this key.
Type: string
Default: "hmac-sha256"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.keys.<name>.keyFilePath to the file which contains the actual base64 encoded key. The key will be copied into "/var/lib/nsd/private" before NSD starts. The copied file is only accessibly by the NSD user.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.logTimeAsciiLog time in ascii, if false then in unix epoch seconds.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.nsidNSID identity (hex string, or "ascii_somestring").
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.portPort the service should bind do.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 53
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ratelimit.enableWhether to enable ratelimit capabilities.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ratelimit.ipv4PrefixLengthIPv4 prefix length. Addresses are grouped by netblock.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ratelimit.ipv6PrefixLengthIPv6 prefix length. Addresses are grouped by netblock.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ratelimit.ratelimitMax qps allowed from any query source. 0 means unlimited. With an verbosity of 2 blocked and unblocked subnets will be logged.
Type: signed integer
Default: 200
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ratelimit.sizeSize of the hashtable. More buckets use more memory but lower the chance of hash hash collisions.
Type: signed integer
Default: 1000000
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ratelimit.slipNumber of packets that get discarded before replying a SLIP response. 0 disables SLIP responses. 1 will make every response a SLIP response.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.ratelimit.whitelistRatelimitMax qps allowed from whitelisted sources. 0 means unlimited. Set the rrl-whitelist option for specific queries to apply this limit instead of the default to them.
Type: signed integer
Default: 2000
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.remoteControl.enableWhether to enable remote control via nsd-control.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.remoteControl.controlCertFilePath to the client certificate signed with the server certificate. This file is used by nsd-control and generated by nsd-control-setup.
Type: path
Default: "/etc/nsd/nsd_control.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.remoteControl.controlKeyFilePath to the client private key, which is used by nsd-control but not by the server. This file is generated by nsd-control-setup.
Type: path
Default: "/etc/nsd/nsd_control.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.remoteControl.interfacesWhich interfaces NSD should bind to for remote control.
Type: list of string
Default:
[ "127.0.0.1" "::1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.remoteControl.portPort number for remote control operations (uses TLS over TCP).
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8952
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.remoteControl.serverCertFilePath to the server self signed certificate, which is used by the server but and by nsd-control. This file is generated by nsd-control-setup.
Type: path
Default: "/etc/nsd/nsd_server.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.remoteControl.serverKeyFilePath to the server private key, which is used by the server but not by nsd-control. This file is generated by nsd-control-setup.
Type: path
Default: "/etc/nsd/nsd_server.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.reuseportWhether to enable SO_REUSEPORT on all used sockets. This lets multiple processes bind to the same port. This speeds up operation especially if the server count is greater than one and makes fast restarts less prone to fail
Type: boolean
Default: pkgs.stdenv.isLinux
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.rootServerWhether this server will be a root server (a DNS root server, you usually don't want that).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.roundRobinWhether to enable round robin rotation of records.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.serverCountNumber of NSD servers to fork. Put the number of CPUs to use here.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.statisticsStatistics are produced every number of seconds. Prints to log. If null no statistics are logged.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.tcpCountMaximum number of concurrent TCP connections per server.
Type: signed integer
Default: 100
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.tcpQueryCountMaximum number of queries served on a single TCP connection. 0 means no maximum.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.tcpTimeoutTCP timeout in seconds.
Type: signed integer
Default: 120
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.verbosityVerbosity level.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.versionThe version string replied for CH TXT version.server and version.bind queries. Will use the compiled package version on null. See hideVersion for enabling/disabling this responses.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.xfrdReloadTimeoutNumber of seconds between reloads triggered by xfrd.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zonefilesCheckWhether to check mtime of all zone files on start and sighup.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zonesDefine your zones here. Zones can cascade other zones and therefore inherit settings from parent zones. Look at the definition of children to learn about inheritance and child zones. The given example will define 3 zones (example.(com|org|net).). Both example.com. and example.org. inherit their configuration from serverGroup1.
Type: attribute set of (submodule)
Default: { }
Example:
{ "serverGroup1" = {
provideXFR = [ "10.1.2.3 NOKEY" ];
children = {
"example.com." = {
data = ''
$ORIGIN example.com.
$TTL 86400
@ IN SOA a.ns.example.com. admin.example.com. (
...
'';
};
"example.org." = {
data = ''
$ORIGIN example.org.
$TTL 86400
@ IN SOA a.ns.example.com. admin.example.com. (
...
'';
};
};
};
"example.net." = {
provideXFR = [ "10.3.2.1 NOKEY" ];
data = ''
...
'';
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.allowAXFRFallbackIf NSD as secondary server should be allowed to AXFR if the primary server does not allow IXFR.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.allowNotifyListed primary servers are allowed to notify this secondary server.
Format: <ip> <key-name | NOKEY | BLOCKED>
<ip> either a plain IPv4/IPv6 address or range.
Valid patters for ranges:
10.0.0.0/24: via subnet size
10.0.0.0&255.255.255.0: via subnet mask
10.0.0.1-10.0.0.254: via range
A optional port number could be added with a '@':
2001:1234::1@1234
<key-name | NOKEY | BLOCKED>
<key-name> will use the specified TSIG key
NOKEY no TSIG signature is required
BLOCKEDnotifies from non-listed or blocked IPs will be ignored
Type: list of string
Default: [ ]
Example:
[ "192.0.2.0/24 NOKEY" "10.0.0.1-10.0.0.5 my_tsig_key_name" "10.0.3.4&255.255.0.0 BLOCKED" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.childrenChildren zones inherit all options of their parents. Attributes defined in a child will overwrite the ones of its parent. Only leaf zones will be actually served. This way it's possible to define maybe zones which share most attributes without duplicating everything. This mechanism replaces nsd's patterns in a save and functional way.
Type: attribute set of anything
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dataThe actual zone data. This is the content of your zone file. Use imports or pkgs.lib.readFile if you don't want this data in your config file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecWhether to enable DNSSEC.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.algorithmWhich algorithm to use for DNSSEC
Type: string
Default: "RSASHA256"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.coverageThe length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
Type: string
Default: "1y"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.keyttlTTL for dnssec records
Type: string
Default: "1h"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.kskKey policy for key signing keys
Type: submodule
Default:
{
keySize = 4096;
postPublish = "1mo";
prePublish = "1mo";
rollPeriod = "0";
}Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.ksk.keySizeKey size in bits
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.ksk.postPublishHow long after deactivation to keep a key in the zone
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.ksk.prePublishHow long in advance to publish new keys
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.ksk.rollPeriodHow frequently to change keys
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.zskKey policy for zone signing keys
Type: submodule
Default:
{
keySize = 2048;
postPublish = "1w";
prePublish = "1w";
rollPeriod = "1mo";
}Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.zsk.keySizeKey size in bits
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.zsk.postPublishHow long after deactivation to keep a key in the zone
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.zsk.prePublishHow long in advance to publish new keys
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.dnssecPolicy.zsk.rollPeriodHow frequently to change keys
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.maxRefreshSecsLimit refresh time for secondary zones. This is the timer which checks to see if the zone has to be refetched when it expires. Normally the value from the SOA record is used, but this option restricts that value.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.maxRetrySecsLimit retry time for secondary zones. This is the timeout after a failed fetch attempt for the zone. Normally the value from the SOA record is used, but this option restricts that value.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.minRefreshSecsLimit refresh time for secondary zones.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.minRetrySecsLimit retry time for secondary zones.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.notifyThis primary server will notify all given secondary servers about zone changes.
Format: <ip> <key-name | NOKEY>
<ip> a plain IPv4/IPv6 address with on optional port number (ip@port)
<key-name | NOKEY>
<key-name> sign notifies with the specified key
NOKEY don't sign notifies
Type: list of string
Default: [ ]
Example:
[ "10.0.0.1@3721 my_key" "::5 NOKEY" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.notifyRetrySpecifies the number of retries for failed notifies. Set this along with notify.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.outgoingInterfaceThis address will be used for zone-transfer requests if configured as a secondary server or notifications in case of a primary server. Supply either a plain IPv4 or IPv6 address with an optional port number (ip@port).
Type: null or string
Default: null
Example: "2000::1@1234"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.provideXFRAllow these IPs and TSIG to transfer zones, addr TSIG|NOKEY|BLOCKED address range 192.0.2.0/24, 1.2.3.4&255.255.0.0, 3.0.2.20-3.0.2.40
Type: list of string
Default: [ ]
Example:
[ "192.0.2.0/24 NOKEY" "192.0.2.0/24 my_tsig_key_name" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.requestXFRFormat: [AXFR|UDP] <ip-address> <key-name | NOKEY>
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.rrlWhitelistWhitelists the given rrl-types.
Type: list of (one of "nxdomain", "error", "referral", "any", "rrsig", "wildcard", "nodata", "dnskey", "positive", "all")
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.nsd.zones.<name>.zoneStatsWhen set to something distinct to null NSD is able to collect statistics per zone. All statistics of this zone(s) will be added to the group specified by this given name. Use "%s" to use the zones name as the group. The groups are output from nsd-control stats and stats_noreset.
Type: null or string
Default: null
Example: "%s"
Declared by:
<nixpkgs/nixos/modules/services/networking/nsd.nix>
|
services.ntfy-sh.enableWhether to enable ntfy-sh, a push notification service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/ntfy-sh.nix>
|
services.ntfy-sh.packageThe ntfy.sh package to use.
Type: package
Default: pkgs.ntfy-sh
Declared by:
<nixpkgs/nixos/modules/services/misc/ntfy-sh.nix>
|
services.ntfy-sh.groupPrimary group of ntfy-sh user.
Type: string
Default: "ntfy-sh"
Declared by:
<nixpkgs/nixos/modules/services/misc/ntfy-sh.nix>
|
services.ntfy-sh.settingsConfiguration for ntfy.sh, supported values are here.
Type: YAML value
Default: { }
Example:
{
listen-http = ":8080";
}
Declared by:
<nixpkgs/nixos/modules/services/misc/ntfy-sh.nix>
|
services.ntfy-sh.userUser the ntfy-sh server runs under.
Type: string
Default: "ntfy-sh"
Declared by:
<nixpkgs/nixos/modules/services/misc/ntfy-sh.nix>
|
services.ntopng.enableEnable ntopng, a high-speed web-based traffic analysis and flow collection tool.
With the default configuration, ntopng monitors all network interfaces and displays its findings at http://localhost:${toString config.services.ntopng.http-port}. Default username and password is admin/admin.
See the ntopng(8) manual page and http://www.ntop.org/products/ntop/ for more info.
Note that enabling ntopng will also enable redis (key-value database server) for persistent data storage.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
|
services.ntopng.configTextOverridable configuration file contents to use for ntopng. By default, use the contents automatically generated by NixOS.
Type: strings concatenated with "\n"
Default: ""
Example:
'' --interface=any --http-port=3000 --disable-login ''
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
|
services.ntopng.extraConfigConfiguration lines that will be appended to the generated ntopng
configuration file. Note that this mechanism does not work when the
manual configText option is used.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
|
services.ntopng.httpPortSets the HTTP port of the embedded web server.
Type: signed integer
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
|
services.ntopng.interfacesList of interfaces to monitor. Use "any" to monitor all interfaces.
Type: list of string
Default:
[ "any" ]
Example:
[ "eth0" "wlan0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
|
services.ntopng.redis.addressRedis address - may be a Unix socket or a network host and port.
Type: string
Example: config.services.redis.ntopng.unixSocket
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
|
services.ntopng.redis.createInstanceLocal Redis instance name. Set to null to disable
local Redis instance. Defaults to "" for
system.stateVersion older than 22.05.
Type: null or string
Default: "ntopng"
Declared by:
<nixpkgs/nixos/modules/services/networking/ntopng.nix>
|
services.ntp.enableWhether to synchronise your machine's time using ntpd, as a peer in the NTP network.
Disables systemd.timesyncd if enabled.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix>
|
services.ntp.extraConfigAdditional text appended to ntp.conf.
Type: strings concatenated with "\n"
Default: ""
Example:
'' fudge 127.127.1.0 stratum 10 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix>
|
services.ntp.extraFlagsExtra flags passed to the ntpd command.
Type: list of string
Default: [ ]
Example: [ "--interface=eth0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix>
|
services.ntp.restrictDefaultThe restriction flags to be set by default.
The default flags prevent external hosts from using ntpd as a DDoS reflector, setting system time, and querying OS/ntpd version. As recommended in section 6.5.1.1.3, answer "No" of http://support.ntp.org/bin/view/Support/AccessRestrictions
Type: list of string
Default:
[ "limited" "kod" "nomodify" "notrap" "noquery" "nopeer" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix>
|
services.ntp.restrictSourceThe restriction flags to be set on source.
The default flags allow peers to be added by ntpd from configured pool(s), but not by other means.
Type: list of string
Default:
[ "limited" "kod" "nomodify" "notrap" "noquery" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix>
|
services.ntp.serversThe set of NTP servers from which to synchronise.
Type: list of string
Default: config.networking.timeServers
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/ntpd.nix>
|
services.nullidentdmod.enableWhether to enable the nullidentdmod identd daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/nullidentdmod.nix>
|
services.nullidentdmod.useridUser ID to return. Set to null to return a random string each time.
Type: null or string
Default: null
Example: "alice"
Declared by:
<nixpkgs/nixos/modules/services/networking/nullidentdmod.nix>
|
services.nullmailer.enableWhether to enable nullmailer daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.adminaddrIf set, all recipients to users at either "localhost" (the literal string) or the canonical host name (from the me control attribute) are remapped to this address. This is provided to allow local daemons to be able to send email to "somebody@localhost" and have it go somewhere sensible instead of being bounced by your relay host. To send to multiple addresses, put them all on one line separated by a comma.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.allmailfromIf set, content will override the envelope sender on all messages.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.defaultdomainThe content of this attribute is appended to any host name that does not contain a period (except localhost), including defaulthost and idhost. Defaults to the value of the me attribute, if it exists, otherwise the literal name defauldomain.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.defaulthostThe content of this attribute is appended to any address that is missing a host name. Defaults to the value of the me control attribute, if it exists, otherwise the literal name defaulthost.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.doublebouncetoIf the original sender was empty (the original message was a delivery status or disposition notification), the double bounce is sent to the address in this attribute.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.helohostSets the environment variable $HELOHOST which is used by the SMTP protocol module to set the parameter given to the HELO command. Defaults to the value of the me configuration attribute.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.idhostThe content of this attribute is used when building the message-id string for the message. Defaults to the canonicalized value of defaulthost.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.maxpauseThe maximum time to pause between successive queue runs, in seconds. Defaults to 24 hours (86400).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.meThe fully-qualifiled host name of the computer running nullmailer. Defaults to the literal name me.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.pausetimeThe minimum time to pause between successive queue runs when there are messages in the queue, in seconds. Defaults to 1 minute (60). Each time this timeout is reached, the timeout is doubled to a maximum of maxpause. After new messages are injected, the timeout is reset. If this is set to 0, nullmailer-send will exit immediately after going through the queue once (one-shot mode).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.remotesA list of remote servers to which to send each message. Each line contains a remote host name or address followed by an optional protocol string, separated by white space.
See man 8 nullmailer-send for syntax and available
options.
WARNING: This is stored world-readable in the nix store. If you need
to specify any secret credentials here, consider using the
remotesFile option instead.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.config.sendtimeoutThe time to wait for a remote module listed above to complete sending a message before killing it and trying again, in seconds. Defaults to 1 hour (3600). If this is set to 0, nullmailer-send will wait forever for messages to complete sending.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.groupGroup to use to run nullmailer-send.
Type: string
Default: "nullmailer"
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.remotesFilePath to the remotes control file. This file contains a
list of remote servers to which to send each message.
See man 8 nullmailer-send for syntax and available
options.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.setSendmailWhether to set the system sendmail to nullmailer's.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nullmailer.userUser to use to run nullmailer-send.
Type: string
Default: "nullmailer"
Declared by:
<nixpkgs/nixos/modules/services/mail/nullmailer.nix>
|
services.nylon.<name>.enableEnables nylon as a running service upon activation.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name>.acceptInterfaceTell nylon which interface to listen for client requests on, default is "lo".
Type: string
Default: "lo"
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name>.allowedIPRangesAllowed client IP ranges are evaluated first, defaults to ARIN IPv4 private ranges: [ "192.168.0.0/16" "127.0.0.0/8" "172.16.0.0/12" "10.0.0.0/8" ]
Type: list of string
Default:
[ "192.168.0.0/16" "127.0.0.1/8" "172.16.0.1/12" "10.0.0.0/8" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name>.bindInterfaceTell nylon which interface to use as an uplink, default is "enp3s0f0".
Type: string
Default: "enp3s0f0"
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name>.deniedIPRangesDenied client IP ranges, these gets evaluated after the allowed IP ranges, defaults to all IPv4 addresses: [ "0.0.0.0/0" ] To block all other access than the allowed.
Type: list of string
Default:
[ "0.0.0.0/0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name>.loggingEnable logging, default is no logging.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name>.nameThe name of this nylon instance.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name>.nrConnectionsThe number of allowed simultaneous connections to the daemon, default 10.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name>.portWhat port to listen for client requests, default is 1080.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1080
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nylon.<name>.verbosityEnable verbose output, default is to not be verbose.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/nylon.nix>
|
services.nzbget.enableWhether to enable NZBGet.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbget.nix>
|
services.nzbget.groupGroup under which NZBGet runs
Type: string
Default: "nzbget"
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbget.nix>
|
services.nzbget.settingsNZBGet configuration, passed via command line using switch -o. Refer to https://github.com/nzbget/nzbget/blob/master/nzbget.conf for details on supported values.
Type: attribute set of (boolean or signed integer or string)
Default: { }
Example:
{
MainDir = "/data";
}Declared by:
<nixpkgs/nixos/modules/services/misc/nzbget.nix>
|
services.nzbget.userUser account under which NZBGet runs
Type: string
Default: "nzbget"
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbget.nix>
|
services.nzbhydra2.enableWhether to enable NZBHydra2.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbhydra2.nix>
|
services.nzbhydra2.packageNZBHydra2 package to use.
Type: package
Default: pkgs.nzbhydra2
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbhydra2.nix>
|
services.nzbhydra2.dataDirThe directory where NZBHydra2 stores its data files.
Type: string
Default: "/var/lib/nzbhydra2"
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbhydra2.nix>
|
services.nzbhydra2.openFirewallOpen ports in the firewall for the NZBHydra2 web interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/nzbhydra2.nix>
|
services.oauth2_proxy.enableWhether to enable oauth2_proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.packageThe package that provides oauth2-proxy.
Type: package
Default: pkgs.oauth2-proxy
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.approvalPromptOAuth approval_prompt.
Type: one of "force", "auto"
Default: "force"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.azure.resourceThe resource that is protected.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.azure.tenantGo to a tenant-specific or common (tenant-independent) endpoint.
Type: string
Default: "common"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.basicAuthPasswordThe password to set when passing the HTTP Basic Auth header.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.clientIDThe OAuth Client ID.
Type: null or string
Example: "123456.apps.googleusercontent.com"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.clientSecretThe OAuth Client Secret.
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.cookie.domainOptional cookie domains to force cookies to (ie: .yourcompany.com).
The longest domain matching the request's host will be used (or the shortest
cookie domain if there is no match).
Type: null or string
Default: null
Example: ".yourcompany.com"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.cookie.expireExpire timeframe for cookie.
Type: string
Default: "168h0m0s"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.cookie.httpOnlySet HttpOnly cookie flag.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.cookie.nameThe name of the cookie that the oauth_proxy creates.
Type: string
Default: "_oauth2_proxy"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.cookie.refreshRefresh the cookie after this duration; 0 to disable.
Type: null or string
Default: null
Example: "168h0m0s"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.cookie.secretThe seed string for secure cookies.
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.cookie.secureSet secure (HTTPS) cookie flag.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.customTemplatesDirPath to custom HTML templates.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.email.addressesLine-separated email addresses that are allowed to authenticate.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.email.domainsAuthenticate emails with the specified domains. Use
* to authenticate any email.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.extraConfigExtra config to pass to oauth2-proxy.
Type: attribute set of anything
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.github.orgRestrict logins to members of this organisation.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.github.teamRestrict logins to members of this team.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.google.adminEmailThe Google Admin to impersonate for API calls.
Only users with access to the Admin APIs can access the Admin SDK Directory API, thus the service account needs to impersonate one of those users to access the Admin SDK Directory API.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.google.groupsRestrict logins to members of these Google groups.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.google.serviceAccountJSONThe path to the service account JSON credentials.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.htpasswd.displayFormDisplay username / password login form if an htpasswd file is provided.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.htpasswd.fileAdditionally authenticate against a htpasswd file. Entries must be
created with htpasswd -s for SHA encryption.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.httpAddressHTTPS listening address. This module does not expose the port by
default. If you want this URL to be accessible to other machines, please
add the port to networking.firewall.allowedTCPPorts.
Type: string
Default: "http://127.0.0.1:4180"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.keyFileoauth2-proxy allows passing sensitive configuration via environment variables. Make a file that contains lines like OAUTH2_PROXY_CLIENT_SECRET=asdfasdfasdf.apps.googleuserscontent.com and specify the path here.
Type: null or path
Default: null
Example: "/run/keys/oauth2_proxy"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.loginURLAuthentication endpoint.
You only need to set this if you are using a self-hosted provider (e.g. Github Enterprise). If you're using a publicly hosted provider (e.g github.com), then the default works.
Type: null or string
Default: null
Example: "https://provider.example.com/oauth/authorize"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.nginx.proxyThe address of the reverse proxy endpoint for oauth2_proxy
Type: string
Default: config.services.oauth2_proxy.httpAddress
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy_nginx.nix>
|
services.oauth2_proxy.nginx.virtualHostsA list of nginx virtual hosts to put behind the oauth2 proxy
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy_nginx.nix>
|
services.oauth2_proxy.passAccessTokenPass OAuth access_token to upstream via X-Forwarded-Access-Token header.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.passBasicAuthPass HTTP Basic Auth, X-Forwarded-User and X-Forwarded-Email information to upstream.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.passHostHeaderPass the request Host Header to upstream.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.profileURLProfile access endpoint.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.providerOAuth provider.
Type: one of "adfs", "azure", "bitbucket", "digitalocean", "facebook", "github", "gitlab", "google", "keycloak", "keycloak-oidc", "linkedin", "login.gov", "nextcloud", "oidc"
Default: "google"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.proxyPrefixThe url root path that this proxy should be nested under.
Type: string
Default: "/oauth2"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.redeemURLToken redemption endpoint.
You only need to set this if you are using a self-hosted provider (e.g. Github Enterprise). If you're using a publicly hosted provider (e.g github.com), then the default works.
Type: null or string
Default: null
Example: "https://provider.example.com/oauth/token"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.redirectURLThe OAuth2 redirect URL.
Type: null or string
Default: null
Example: "https://internalapp.yourcompany.com/oauth2/callback"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.requestLoggingLog requests to stdout.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.reverseProxyIn case when running behind a reverse proxy, controls whether headers
like X-Real-Ip are accepted. Usage behind a reverse
proxy will require this flag to be set to avoid logging the reverse
proxy IP address.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.scopeOAuth scope specification.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.setXauthrequestSet X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode). Setting this to 'null' means using the upstream default (false).
Type: null or boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.signatureKeyGAP-Signature request signature key.
Type: null or string
Default: null
Example: "sha1:secret0"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.skipAuthRegexesSkip authentication for requests matching any of these regular expressions.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.tls.enableWhether to serve over TLS.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.tls.certificatePath to certificate file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.tls.httpsAddressaddr:port to listen on for HTTPS clients.
Remember to add port to
allowedTCPPorts if you want other machines to be
able to connect to it.
Type: string
Default: ":443"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.tls.keyPath to private key file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.upstreamThe http url(s) of the upstream endpoint or file://
paths for static files. Routing is based on the path.
Type: (list of string) or string convertible to it
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.oauth2_proxy.validateURLAccess token validation endpoint.
You only need to set this if you are using a self-hosted provider (e.g. Github Enterprise). If you're using a publicly hosted provider (e.g github.com), then the default works.
Type: null or string
Default: null
Example: "https://provider.example.com/user/emails"
Declared by:
<nixpkgs/nixos/modules/services/security/oauth2_proxy.nix>
|
services.ocserv.enableWhether to enable ocserv.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ocserv.nix>
|
services.ocserv.configConfiguration content to start an OCServ server.
For a full configuration reference,please refer to the online documentation
(https://ocserv.gitlab.io/www/manual.html), the openconnect
recipes (https://github.com/openconnect/recipes) or man ocserv.
Type: strings concatenated with "\n"
Example:
'' # configuration examples from $out/doc without explanatory comments. # for a full reference please look at the installed man pages. auth = "plain[passwd=./sample.passwd]" tcp-port = 443 udp-port = 443 run-as-user = nobody run-as-group = nogroup socket-file = /run/ocserv-socket server-cert = certs/server-cert.pem server-key = certs/server-key.pem keepalive = 32400 dpd = 90 mobile-dpd = 1800 switch-to-tcp-timeout = 25 try-mtu-discovery = false cert-user-oid = 0.9.2342.19200300.100.1.1 tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0" auth-timeout = 240 min-reauth-time = 300 max-ban-score = 80 ban-reset-time = 1200 cookie-timeout = 300 deny-roaming = false rekey-time = 172800 rekey-method = ssl use-occtl = true pid-file = /run/ocserv.pid device = vpns predictable-ips = true default-domain = example.com ipv4-network = 192.168.1.0 ipv4-netmask = 255.255.255.0 dns = 192.168.1.2 ping-leases = false route = 10.10.10.0/255.255.255.0 route = 192.168.0.0/255.255.0.0 no-route = 192.168.5.0/255.255.255.0 cisco-client-compat = true dtls-legacy = true [vhost:www.example.com] auth = "certificate" ca-cert = certs/ca.pem server-cert = certs/server-cert-secp521r1.pem server-key = cersts/certs/server-key-secp521r1.pem ipv4-network = 192.168.2.0 ipv4-netmask = 255.255.255.0 cert-user-oid = 0.9.2342.19200300.100.1.1 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/ocserv.nix>
|
services.octoprint.enableWhether to enable OctoPrint, web interface for 3D printers.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
|
services.octoprint.extraConfigExtra options which are added to OctoPrint's YAML configuration file.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
|
services.octoprint.groupGroup for the daemon.
Type: string
Default: "octoprint"
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
|
services.octoprint.hostHost to bind OctoPrint to.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
|
services.octoprint.openFirewallOpen ports in the firewall for OctoPrint.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
|
services.octoprint.pluginsAdditional plugins to be used. Available plugins are passed through the plugins input.
Type: function that evaluates to a(n) list of package
Default: plugins: []
Example: plugins: with plugins; [ themeify stlviewer ]
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
|
services.octoprint.portPort to bind OctoPrint to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
|
services.octoprint.stateDirState directory of the daemon.
Type: path
Default: "/var/lib/octoprint"
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
|
services.octoprint.userUser for the daemon.
Type: string
Default: "octoprint"
Declared by:
<nixpkgs/nixos/modules/services/misc/octoprint.nix>
|
services.odoo.enableWhether to enable odoo.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/finance/odoo.nix>
|
services.odoo.packageOdoo package to use.
Type: package
Default: pkgs.odoo
Declared by:
<nixpkgs/nixos/modules/services/finance/odoo.nix>
|
services.odoo.addonsOdoo addons.
Type: list of package
Default: [ ]
Example: [ pkgs.odoo_enterprise ]
Declared by:
<nixpkgs/nixos/modules/services/finance/odoo.nix>
|
services.odoo.domainDomain to host Odoo with nginx
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/finance/odoo.nix>
|
services.odoo.settingsOdoo configuration settings. For more details see https://www.odoo.com/documentation/15.0/administration/install/deploy.html
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/finance/odoo.nix>
|
services.offlineimap.enableWhether to enable OfflineIMAP, a software to dispose your mailbox(es) as a local Maildir(s).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
|
services.offlineimap.packageOfflineimap derivation to use.
Type: package
Default: pkgs.offlineimap
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
|
services.offlineimap.installWhether to install a user service for Offlineimap. Once the service is started, emails will be fetched automatically.
The service must be manually started for each user with
"systemctl --user start offlineimap" or globally through
services.offlineimap.enable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
|
services.offlineimap.onCalendarHow often is offlineimap started. Default is '*:0/3' meaning every 3 minutes. See systemd.time(7) for more information about the format.
Type: string
Default: "*:0/3"
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
|
services.offlineimap.pathList of derivations to put in Offlineimap's path.
Type: list of path
Default: [ ]
Example: [ pkgs.pass pkgs.bash pkgs.notmuch ]
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
|
services.offlineimap.timeoutStartSecHow long waiting for offlineimap before killing it. Default is '120sec' meaning every 2 minutes. See systemd.time(7) for more information about the format.
Type: string
Default: "120sec"
Declared by:
<nixpkgs/nixos/modules/services/mail/offlineimap.nix>
|
services.ofono.enableWhether to enable Ofono.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ofono.nix>
|
services.ofono.pluginsThe list of plugins to install.
Type: list of package
Default: [ ]
Example: [ pkgs.modem-manager-gui ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ofono.nix>
|
services.oidentd.enableWhether to enable ‘oidentd’, an implementation of the Ident protocol (RFC 1413). It allows remote systems to identify the name of the user associated with a TCP connection.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/oidentd.nix>
|
services.ombi.enableWhether to enable Ombi. Optionally see https://docs.ombi.app/info/reverse-proxy on how to set up a reverse proxy .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/ombi.nix>
|
services.ombi.dataDirThe directory where Ombi stores its data files.
Type: string
Default: "/var/lib/ombi"
Declared by:
<nixpkgs/nixos/modules/services/misc/ombi.nix>
|
services.ombi.groupGroup under which Ombi runs.
Type: string
Default: "ombi"
Declared by:
<nixpkgs/nixos/modules/services/misc/ombi.nix>
|
services.ombi.openFirewallOpen ports in the firewall for the Ombi web interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/ombi.nix>
|
services.ombi.portThe port for the Ombi web interface.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/misc/ombi.nix>
|
services.ombi.userUser account under which Ombi runs.
Type: string
Default: "ombi"
Declared by:
<nixpkgs/nixos/modules/services/misc/ombi.nix>
|
services.onedrive.enableWhether to enable OneDrive service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/onedrive.nix>
|
services.onedrive.packageOneDrive package to use.
Type: package
Default: pkgs.onedrive
Declared by:
<nixpkgs/nixos/modules/services/networking/onedrive.nix>
|
services.onlyoffice.enableWhether to enable OnlyOffice DocumentServer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/onlyoffice.nix>
|
services.onlyoffice.enableExampleServerWhether to enable OnlyOffice example server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/onlyoffice.nix>
|
services.onlyoffice.packageWhich package to use for the OnlyOffice instance.
Type: package
Default: pkgs.onlyoffice-documentserver
Declared by:
<nixpkgs/nixos/modules/services/web-apps/onlyoffice.nix>
|
services.onlyoffice.examplePortPort the OnlyOffice Example server should listens on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/onlyoffice.nix>
|
services.onlyoffice.hostnameFQDN for the onlyoffice instance.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/onlyoffice.nix>
|
services.onlyoffice.jwtSecretFilePath to a file that contains the secret to sign web requests using JSON Web Tokens. If left at the default value null signing is disabled.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/onlyoffice.nix>
|
services.onlyoffice.portPort the OnlyOffice DocumentServer should listens on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/onlyoffice.nix>
|
services.onlyoffice.postgresHostThe Postgresql hostname or socket path OnlyOffice should connect to.
Type: string
Default: "/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/onlyoffice.nix>
|
services.onlyoffice.postgresNameThe name of database OnlyOffice should user.
Type: string
Default: "onlyoffice"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/onlyoffice.nix>
|
services.onlyoffice.postgresPasswordFilePath to a file that contains the password OnlyOffice should use to connect to Postgresql. Unused when using socket authentication.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/onlyoffice.nix>
|
services.onlyoffice.postgresUserThe username OnlyOffice should use to connect to Postgresql. Unused when using socket authentication.
Type: string
Default: "onlyoffice"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/onlyoffice.nix>
|
services.onlyoffice.rabbitmqUrlThe Rabbitmq in amqp URI style OnlyOffice should connect to.
Type: string
Default: "amqp://guest:guest@localhost:5672"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/onlyoffice.nix>
|
services.openafsClient.enableWhether to enable the OpenAFS client.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.packages.moduleOpenAFS kernel module package. MUST match the userland package!
Type: package
Default: config.boot.kernelPackages.openafs
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.packages.programsOpenAFS programs package. MUST match the kernel module package!
Type: package
Default: getBin pkgs.openafs
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.afsdbResolve cells via AFSDB DNS records.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.cache.blocksCache size in 1KB blocks.
Type: signed integer
Default: 100000
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.cache.chunksizeSize of each cache chunk given in powers of
2. 0 resets the chunk size to its default
values (13 (8 KB) for memcache, 18-20 (256 KB to 1 MB) for
diskcache). Maximum value is 30. Important performance
parameter. Set to higher values when dealing with large files.
Type: integer between 0 and 30 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.cache.directoryCache directory.
Type: string
Default: "/var/cache/openafs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.cache.disklessUse in-memory cache for diskless machines. Has no real performance benefit anymore.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.cellNameCell name.
Type: string
Default: ""
Example: "grand.central.org"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.cellServDBThis cell's database server records, added to the global
CellServDB. See CellServDB(5) man page for syntax. Ignored when
afsdb is set to true.
Type: list of (submodule)
Default: [ ]
Example:
[
{
dnsname = "first.afsdb.server.dns.fqdn.org";
ip = "1.2.3.4";
}
{
dnsname = "second.afsdb.server.dns.fqdn.org";
ip = "2.3.4.5";
}
]Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.cellServDB.*.dnsnameDNS full-qualified domain name of a database server
Type: string
Default: ""
Example: "afs.example.org"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.cellServDB.*.ipIP Address of a database server
Type: string
Default: ""
Example: "1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.cryptWhether to enable (weak) protocol encryption.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.daemonsNumber of daemons to serve user requests. Numbers higher than 6 usually do no increase performance. Default is sufficient for up to five concurrent users.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.fakestatReturn fake data on stat() calls. If true,
always do so. If false, only do so for
cross-cell mounts (as these are potentially expensive).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.inumcalcInode calculation method. compat is
computationally less expensive, but md5 greatly
reduces the likelihood of inode collisions in larger scenarios
involving multiple cells mounted into one AFS space.
Type: string matching the pattern compat|md5
Default: "compat"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.mountPointMountpoint of the AFS file tree, conventionally
/afs. When set to a different value, only
cross-cells that use the same value can be accessed.
Type: string
Default: "/afs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.sparseMinimal cell list in /afs.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsClient.startDisconnectedStart up in disconnected mode. You need to execute
fs disco online (as root) to switch to
connected mode. Useful for roaming devices.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/client.nix>
|
services.openafsServer.enableWhether to enable the OpenAFS server. An OpenAFS server needs a
complex setup. So, be aware that enabling this service and setting
some options does not give you a turn-key-ready solution. You need
at least a running Kerberos 5 setup, as OpenAFS relies on it for
authentication. See the Guide "QuickStartUnix" coming with
pkgs.openafs.doc for complete setup
instructions.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.packageOpenAFS package for the server binaries
Type: package
Default: pkgs.openafs.server or pkgs.openafs
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.advertisedAddressesList of IP addresses this server is advertised under. See NetInfo(5)
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.cellNameCell name, this server will serve.
Type: string
Default: ""
Example: "grand.central.org"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.cellServDBDefinition of all cell-local database server machines.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.cellServDB.*.dnsnameDNS full-qualified domain name of a database server
Type: string
Default: ""
Example: "afs.example.org"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.cellServDB.*.ipIP Address of a database server
Type: string
Default: ""
Example: "1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.dottedPrincipalsIf enabled, allow principal names containing (.) dots. Enabling this has security implications!
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.backup.enableBackup server role. Use in conjunction with the
database role to maintain the Backup
Database. Normally only used in conjunction with tape storage
or IBM's Tivoli Storage Manager.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.backup.buserverArgsArguments to the buserver process. See its man page.
Type: string
Default: ""
Example: "-p 8"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.backup.cellServDBDefinition of all cell-local backup database server machines. Use this when your cell uses less backup database servers than other database server machines.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.backup.cellServDB.*.dnsnameDNS full-qualified domain name of a database server
Type: string
Default: ""
Example: "afs.example.org"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.backup.cellServDB.*.ipIP Address of a database server
Type: string
Default: ""
Example: "1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.database.enableDatabase server role, maintains the Volume Location Database,
Protection Database (and Backup Database, see
backup role). There can be multiple
servers in the database role for replication, which then need
reliable network connection to each other.
Servers in this role appear in AFSDB DNS records or the CellServDB.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.database.ptserverArgsArguments to the ptserver process. See its man page.
Type: string
Default: ""
Example: "-restricted -default_access S---- S-M---"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.database.vlserverArgsArguments to the vlserver process. See its man page.
Type: string
Default: ""
Example: "-rxbind"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.fileserver.enableFileserver role, serves files and volumes from its local storage.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.fileserver.fileserverArgsArguments to the dafileserver process. See its man page.
Type: string
Default: "-vattachpar 128 -vhashsize 11 -L -rxpck 400 -cb 1000000"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.fileserver.salvagerArgsArguments to the dasalvager process. See its man page.
Type: string
Default: ""
Example: "-showlog -showmounts"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.fileserver.salvageserverArgsArguments to the salvageserver process. See its man page.
Type: string
Default: ""
Example: "-showlog"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.roles.fileserver.volserverArgsArguments to the davolserver process. See its man page.
Type: string
Default: ""
Example: "-sync never"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openafsServer.udpPacketSizeUDP packet size to use in Bytes. Higher values can speed up
communications. The default of 1 MB is a sufficient in most
cases. Make sure to increase the kernel's UDP buffer size
accordingly via net.core(w|r|opt)mem_max
sysctl.
Type: signed integer
Default: 1310720
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/openafs/server.nix>
|
services.openarena.enableWhether to enable OpenArena.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/openarena.nix>
|
services.openarena.extraFlagsExtra flags to pass to oa_ded
Type: list of string
Default: [ ]
Example:
[ "+set dedicated 2" "+set sv_hostname 'My NixOS OpenArena Server'" "+map oa_dm1" ]
Declared by:
<nixpkgs/nixos/modules/services/games/openarena.nix>
|
services.openarena.openPortsWhether to open firewall ports for OpenArena
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/openarena.nix>
|
services.opendkim.enableWhether to enable the OpenDKIM sender authentication system.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
|
services.opendkim.configFileAdditional opendkim configuration.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
|
services.opendkim.domainsLocal domains set (see opendkim(8) for more information on datasets).
Messages from them are signed, not verified.
Type: string
Default: "csl:${config.networking.hostName}"
Example: "csl:example.com,mydomain.net"
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
|
services.opendkim.groupGroup for the daemon.
Type: string
Default: "opendkim"
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
|
services.opendkim.keyPathThe path that opendkim should put its generated private keys into. The DNS settings will be found in this directory with the name selector.txt.
Type: path
Default: "/var/lib/opendkim/keys"
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
|
services.opendkim.selectorSelector to use when signing.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
|
services.opendkim.socketSocket which is used for communication with OpenDKIM.
Type: string
Default: "local:/run/opendkim/opendkim.sock"
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
|
services.opendkim.userUser for the daemon.
Type: string
Default: "opendkim"
Declared by:
<nixpkgs/nixos/modules/services/mail/opendkim.nix>
|
services.openiscsi.enableWhether to enable the openiscsi iscsi daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix>
|
services.openiscsi.enableAutoLoginOutWhether to enable automatic login and logout of all automatic targets. You probably do not want this. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix>
|
services.openiscsi.packageopeniscsi package to use
Type: package
Default: pkgs.openiscsi
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix>
|
services.openiscsi.discoverPortalPortal to discover targets on
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix>
|
services.openiscsi.extraConfigLines to append to default iscsid.conf
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix>
|
services.openiscsi.extraConfigFileAppend an additional file's contents to /etc/iscsid.conf. Use a non-store path and store passwords in this file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix>
|
services.openiscsi.nameName of this iscsi initiator
Type: string
Example: "iqn.2020-08.org.linux-iscsi.initiatorhost:example"
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/initiator.nix>
|
services.openldap.enableWhether to enable the ldap server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.packageOpenLDAP package to use.
This can be used to, for example, set an OpenLDAP package with custom overrides to enable modules or other functionality.
Type: package
Default: pkgs.openldap
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.configDirUse this config directory instead of generating one from the
settings option. Overrides all NixOS settings.
Type: null or path
Default: null
Example: "/var/lib/openldap/slapd.d"
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.declarativeContentsDeclarative contents for the LDAP database, in LDIF format by suffix.
All data will be erased when starting the LDAP server. Modifications to the database are not prevented, they are just dropped on the next reboot of the server. Performance-wise the database and indexes are rebuilt on each server startup, so this will slow down server startup, especially with large databases.
Note that the root of the DB must be defined in
services.openldap.settings and the
olcDbDirectory must begin with
"/var/lib/openldap".
Type: attribute set of strings concatenated with "\n"
Default: { }
Example:
{
"dc=example,dc=org" = ''
dn= dn: dc=example,dc=org
objectClass: domain
dc: example
dn: ou=users,dc=example,dc=org
objectClass = organizationalUnit
ou: users
# ...
'';
}
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.groupGroup account under which slapd runs.
Type: string
Default: "openldap"
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.mutableConfigWhether to allow writable on-line configuration. If
true, the NixOS settings will only be used to
initialize the OpenLDAP configuration if it does not exist, and are
subsequently ignored.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.settingsConfiguration for OpenLDAP, in OLC format
Type: submodule
Example:
{
attrs.olcLogLevel = [ "stats" ];
children = {
"cn=schema".includes = [
"${pkgs.openldap}/etc/schema/core.ldif"
"${pkgs.openldap}/etc/schema/cosine.ldif"
"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
];
"olcDatabase={-1}frontend" = {
attrs = {
objectClass = "olcDatabaseConfig";
olcDatabase = "{-1}frontend";
olcAccess = [ "{0}to * by dn.exact=uidNumber=0+gidNumber=0,cn=peercred,cn=external,cn=auth manage stop by * none stop" ];
};
};
"olcDatabase={0}config" = {
attrs = {
objectClass = "olcDatabaseConfig";
olcDatabase = "{0}config";
olcAccess = [ "{0}to * by * none break" ];
};
};
"olcDatabase={1}mdb" = {
attrs = {
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
olcDatabase = "{1}mdb";
olcDbDirectory = "/var/lib/openldap/ldap";
olcDbIndex = [
"objectClass eq"
"cn pres,eq"
"uid pres,eq"
"sn pres,eq,subany"
];
olcSuffix = "dc=example,dc=com";
olcAccess = [ "{0}to * by * read break" ];
};
};
};
};
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.settings.attrsAttributes of the parent entry.
Type: attribute set of ((LDAP value - either a string, or an attrset containing `path` or `base64` for included values or base-64 encoded values respectively. ) or list of (LDAP value - either a string, or an attrset containing `path` or `base64` for included values or base-64 encoded values respectively. ))
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.settings.childrenChild entries of the current entry, with recursively the same structure.
Type: attribute set of (submodule)
Default: { }
Example:
{
"cn=schema" = {
# The attribute used in the DN must be defined
attrs = { cn = "schema"; };
children = {
# This entry's DN is expanded to "cn=foo,cn=schema"
"cn=foo" = { ... };
};
# These includes are inserted after "cn=schema", but before "cn=foo,cn=schema"
includes = [ ... ];
};
}
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.settings.includesLDIF files to include after the parent's attributes but before its children.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.urlListURL list slapd should listen on.
Type: list of string
Default:
[ "ldap:///" ]
Example:
[ "ldaps:///" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openldap.userUser account under which slapd runs.
Type: string
Default: "openldap"
Declared by:
<nixpkgs/nixos/modules/services/databases/openldap.nix>
|
services.openntpd.enableWhether to enable OpenNTP time synchronization server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/openntpd.nix>
|
services.openntpd.extraConfigAdditional text appended to openntpd.conf.
Type: strings concatenated with "\n"
Default: ""
Example:
'' listen on 127.0.0.1 listen on ::1 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/openntpd.nix>
|
services.openntpd.extraOptionsExtra options used when launching openntpd.
Type: strings concatenated with " "
Default: ""
Example: "-s"
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/openntpd.nix>
|
services.openntpd.serversThe set of NTP servers from which to synchronise.
Type: list of string
Default: config.services.ntp.servers
Declared by:
<nixpkgs/nixos/modules/services/networking/ntp/openntpd.nix>
|
services.opensmtpd.enableWhether to enable the OpenSMTPD server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
|
services.opensmtpd.packageThe OpenSMTPD package to use.
Type: package
Default: pkgs.opensmtpd
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
|
services.opensmtpd.extraServerArgsExtra command line arguments provided when the smtpd process is started.
Type: list of string
Default: [ ]
Example:
[ "-v" "-P mta" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
|
services.opensmtpd.procPackagesPackages to search for filters, tables, queues, and schedulers.
Add OpenSMTPD-extras here if you want to use the filters, etc. from that package.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
|
services.opensmtpd.serverConfigurationThe contents of the smtpd.conf configuration file. See the OpenSMTPD documentation for syntax information.
Type: strings concatenated with "\n"
Example:
'' listen on lo accept for any deliver to lmtp localhost:24 ''
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
|
services.opensmtpd.setSendmailWhether to set the system sendmail to OpenSMTPD's.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/opensmtpd.nix>
|
services.opensnitch.enableWhether to enable Opensnitch application firewall.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/opensnitch.nix>
|
services.opensnitch.rulesDeclarative configuration of firewall rules.
All rules will be stored in /var/lib/opensnitch/rules.
See upstream documentation
for available options.
Type: JSON value
Default: { }
Example:
{
"tor" = {
"name" = "tor";
"enabled" = true;
"action" = "allow";
"duration" = "always";
"operator" = {
"type" ="simple";
"sensitive" = false;
"operand" = "process.path";
"data" = "${lib.getBin pkgs.tor}/bin/tor";
};
};
};
Declared by:
<nixpkgs/nixos/modules/services/security/opensnitch.nix>
|
services.opensnitch.settingsopensnitchd configuration. Refer to upstream documentation for details on supported values.
Type: JSON value
Declared by:
<nixpkgs/nixos/modules/services/security/opensnitch.nix>
|
services.opensnitch.settings.DefaultActionDefault action whether to block or allow application internet access.
Type: one of "allow", "deny"
Declared by:
<nixpkgs/nixos/modules/services/security/opensnitch.nix>
|
services.opensnitch.settings.DefaultDurationDefault duration of firewall rule.
Type: one of "once", "always", "until restart", "30s", "5m", "15m", "30m", "1h"
Declared by:
<nixpkgs/nixos/modules/services/security/opensnitch.nix>
|
services.opensnitch.settings.FirewallWhich firewall backend to use.
Type: one of "iptables", "nftables"
Declared by:
<nixpkgs/nixos/modules/services/security/opensnitch.nix>
|
services.opensnitch.settings.InterceptUnknownWhether to intercept spare connections.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/security/opensnitch.nix>
|
services.opensnitch.settings.LogLevelDefault log level from 0 to 4 (debug, info, important, warning, error).
Type: one of 0, 1, 2, 3, 4
Declared by:
<nixpkgs/nixos/modules/services/security/opensnitch.nix>
|
services.opensnitch.settings.ProcMonitorMethodWhich process monitoring method to use.
Type: one of "ebpf", "proc", "ftrace", "audit"
Declared by:
<nixpkgs/nixos/modules/services/security/opensnitch.nix>
|
services.opensnitch.settings.Server.AddressUnix socket path (unix:///tmp/osui.sock, the "unix:///" part is mandatory) or TCP socket (192.168.1.100:50051).
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/opensnitch.nix>
|
services.opensnitch.settings.Server.LogFileFile to write logs to (use /dev/stdout to write logs to standard output).
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/opensnitch.nix>
|
services.opensnitch.settings.Stats.MaxEventsMax events to send to the GUI.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/security/opensnitch.nix>
|
services.opensnitch.settings.Stats.MaxStatsMax stats per item to keep in backlog.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/security/opensnitch.nix>
|
services.openssh.enableWhether to enable the OpenSSH secure shell daemon, which allows secure remote logins.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.allowSFTPWhether to enable the SFTP subsystem in the SSH daemon. This enables the use of commands such as sftp and sshfs.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.authorizedKeysCommandSpecifies a program to be used to look up the user's public keys. The program must be owned by root, not writable by group or others and specified by an absolute path.
Type: string
Default: "none"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.authorizedKeysCommandUserSpecifies the user under whose account the AuthorizedKeysCommand is run. It is recommended to use a dedicated user that has no other role on the host than running authorized keys commands.
Type: string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.authorizedKeysFilesSpecify the rules for which files to read on the host.
This is an advanced option. If you're looking to configure user
keys, you can generally use users.users.<name>.openssh.authorizedKeys.keys
or users.users.<name>.openssh.authorizedKeys.keyFiles.
These are paths relative to the host root file system or home directories and they are subject to certain token expansion rules. See AuthorizedKeysFile in man sshd_config for details.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.bannerMessage to display to the remote user before authentication is allowed.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.ciphersAllowed ciphers
Defaults to recommended settings from both https://stribika.github.io/2015/01/04/secure-secure-shell.html and https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
Type: list of string
Default:
[ "chacha20-poly1305@openssh.com" "aes256-gcm@openssh.com" "aes128-gcm@openssh.com" "aes256-ctr" "aes192-ctr" "aes128-ctr" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.extraConfigVerbatim contents of sshd_config.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.forwardX11Whether to allow X11 connections to be forwarded.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.gatewayPortsSpecifies whether remote hosts are allowed to connect to ports forwarded for the client. See sshd_config(5).
Type: string
Default: "no"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.hostKeysNixOS can automatically generate SSH host keys. This option specifies the path, type and size of each key. See ssh-keygen(1) for supported types and sizes.
Type: list of (attribute set)
Default:
[
{
bits = 4096;
path = "/etc/ssh/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
]Example:
[
{
bits = 4096;
openSSHFormat = true;
path = "/etc/ssh/ssh_host_rsa_key";
rounds = 100;
type = "rsa";
}
{
comment = "key comment";
path = "/etc/ssh/ssh_host_ed25519_key";
rounds = 100;
type = "ed25519";
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.kbdInteractiveAuthenticationSpecifies whether keyboard-interactive authentication is allowed.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.kexAlgorithmsAllowed key exchange algorithms
Uses the lower bound recommended in both https://stribika.github.io/2015/01/04/secure-secure-shell.html and https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
Type: list of string
Default:
[ "sntrup761x25519-sha512@openssh.com" "curve25519-sha256" "curve25519-sha256@libssh.org" "diffie-hellman-group-exchange-sha256" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.knownHostsAlias of programs.ssh.knownHosts.
Type: attribute set of (submodule)
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.knownHosts.<name>.certAuthorityThis public key is an SSH certificate authority, rather than an individual host's key.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
services.openssh.knownHosts.<name>.extraHostNamesA list of additional host names and/or IP numbers used for
accessing the host's ssh service. This list is ignored if
hostNames is set explicitly.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
services.openssh.knownHosts.<name>.hostNamesA list of host names and/or IP numbers used for accessing
the host's ssh service. This list includes the name of the
containing knownHosts attribute by default
for convenience. If you wish to configure multiple host keys
for the same host use multiple knownHosts
entries with different attribute names and the same
hostNames list.
Type: list of string
Default: [ ‹name› ] ++ config.services.openssh.knownHosts.<name>.extraHostNames
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
services.openssh.knownHosts.<name>.publicKeyThe public key data for the host. You can fetch a public key from a running SSH server with the ssh-keyscan command. The public key should not include any host names, only the key type and the key itself.
Type: null or string
Default: null
Example: "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg=="
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
services.openssh.knownHosts.<name>.publicKeyFileThe path to the public key file for the host. The public
key file is read at build time and saved in the Nix store.
You can fetch a public key file from a running SSH server
with the ssh-keyscan command. The content
of the file should follow the same format as described for
the publicKey option. Only a single key
is supported. If a host has multiple keys, use
programs.ssh.knownHostsFiles instead.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/programs/ssh.nix>
|
services.openssh.listenAddressesList of addresses and ports to listen on (ListenAddress directive
in config). If port is not specified for address sshd will listen
on all ports specified by ports option.
NOTE: this will override default listening on all local addresses and port 22.
NOTE: setting this option won't automatically enable given ports
in firewall configuration.
Type: list of (submodule)
Default: [ ]
Example:
[
{
addr = "192.168.3.1";
port = 22;
}
{
addr = "0.0.0.0";
port = 64022;
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.listenAddresses.*.addrHost, IPv4 or IPv6 address to listen to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.listenAddresses.*.portPort to listen to.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.logLevelGives the verbosity level that is used when logging messages from sshd(8). The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. Logging with a DEBUG level violates the privacy of users and is not recommended.
Type: one of "QUIET", "FATAL", "ERROR", "INFO", "VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3"
Default: "INFO"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.macsAllowed MACs
Defaults to recommended settings from both https://stribika.github.io/2015/01/04/secure-secure-shell.html and https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
Type: list of string
Default:
[ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-256-etm@openssh.com" "umac-128-etm@openssh.com" "hmac-sha2-512" "hmac-sha2-256" "umac-128@openssh.com" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.moduliFilePath to moduli file to install in
/etc/ssh/moduli. If this option is unset, then
the moduli file shipped with OpenSSH will be used.
Type: path
Example: "/etc/my-local-ssh-moduli;"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.openFirewallWhether to automatically open the specified ports in the firewall.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.passwordAuthenticationSpecifies whether password authentication is allowed.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.permitRootLoginWhether the root user can login using ssh.
Type: one of "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
Default: "prohibit-password"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.portsSpecifies on which ports the SSH daemon listens.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
[ 22 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.sftpFlagsCommandline flags to add to sftp-server.
Type: list of string
Default: [ ]
Example:
[ "-f AUTHPRIV" "-l INFO" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.sftpServerExecutableThe sftp server executable. Can be a path or "internal-sftp" to use the sftp server built into the sshd binary.
Type: string
Example: "internal-sftp"
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.startWhenNeededIf set, sshd is socket-activated; that is, instead of having it permanently running as a daemon, systemd will start an instance for each incoming connection.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.openssh.useDnsSpecifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for the remote IP address maps back to the very same IP address. If this option is set to no (the default) then only addresses and not host names may be used in ~/.ssh/authorized_keys from and sshd_config Match Host directives.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.opentracker.enableWhether to enable opentracker.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/opentracker.nix>
|
services.opentracker.packageopentracker package to use
Type: package
Default: pkgs.opentracker
Declared by:
<nixpkgs/nixos/modules/services/torrent/opentracker.nix>
|
services.opentracker.extraOptionsConfiguration Arguments for opentracker See https://erdgeist.org/arts/software/opentracker/ for all params
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/torrent/opentracker.nix>
|
services.opentsdb.enableWhether to enable OpenTSDB.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
|
services.opentsdb.packageOpenTSDB package to use.
Type: package
Default: pkgs.opentsdb
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
|
services.opentsdb.configThe contents of OpenTSDB's configuration file
Type: strings concatenated with "\n"
Default:
'' tsd.core.auto_create_metrics = true tsd.http.request.enable_chunked = true ''
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
|
services.opentsdb.groupGroup account under which OpenTSDB runs.
Type: string
Default: "opentsdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
|
services.opentsdb.portWhich port OpenTSDB listens on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4242
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
|
services.opentsdb.userUser account under which OpenTSDB runs.
Type: string
Default: "opentsdb"
Declared by:
<nixpkgs/nixos/modules/services/databases/opentsdb.nix>
|
services.openvpn.serversEach attribute of this option defines a systemd service that
runs an OpenVPN instance. These can be OpenVPN servers or
clients. The name of each systemd service is
openvpn-«name».service,
where «name» is the corresponding
attribute name.
Type: attribute set of (submodule)
Default: { }
Example:
{
server = {
config = ''
# Simplest server configuration: https://community.openvpn.net/openvpn/wiki/StaticKeyMiniHowto
# server :
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret /root/static.key
'';
up = "ip route add ...";
down = "ip route del ...";
};
client = {
config = ''
client
remote vpn.example.org
dev tun
proto tcp-client
port 8080
ca /root/.vpn/ca.crt
cert /root/.vpn/alice.crt
key /root/.vpn/alice.key
'';
up = "echo nameserver $nameserver | ${pkgs.openresolv}/sbin/resolvconf -m 0 -a $dev";
down = "${pkgs.openresolv}/sbin/resolvconf -d $dev";
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.servers.<name>.authUserPassThis option can be used to store the username / password credentials with the "auth-user-pass" authentication method.
WARNING: Using this option will put the credentials WORLD-READABLE in the Nix store!
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.servers.<name>.authUserPass.passwordThe password to store inside the credentials file.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.servers.<name>.authUserPass.usernameThe username to store inside the credentials file.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.servers.<name>.autoStartWhether this OpenVPN instance should be started automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.servers.<name>.configConfiguration of this OpenVPN instance. See openvpn(8) for details.
To import an external config file, use the following definition:
config = "config /path/to/config.ovpn"
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.servers.<name>.downShell commands executed when the instance is shutting down.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.servers.<name>.upShell commands executed when the instance is starting.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openvpn.servers.<name>.updateResolvConfUse the script from the update-resolv-conf package to automatically update resolv.conf with the DNS information provided by openvpn. The script will be run after the "up" commands and before the "down" commands.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/openvpn.nix>
|
services.openwebrx.enableWhether to enable OpenWebRX Web interface for Software-Defined Radios on http://localhost:8073.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/openwebrx.nix>
|
services.openwebrx.packageOpenWebRX package to use for the service
Type: package
Default: pkgs.openwebrx
Declared by:
<nixpkgs/nixos/modules/services/web-apps/openwebrx.nix>
|
services.orangefs.client.enableWhether to enable OrangeFS client daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix>
|
services.orangefs.client.extraOptionsExtra command line options for pvfs2-client.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix>
|
services.orangefs.client.fileSystemsThe orangefs file systems to be mounted.
This option is preferred over using fileSystems directly since
the pvfs client service needs to be running for it to be mounted.
Type: list of (submodule)
Example:
[
{
mountPoint = "/orangefs";
target = "tcp://server:3334/orangefs";
}
]Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix>
|
services.orangefs.client.fileSystems.*.mountPointMount point.
Type: string
Default: "/orangefs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix>
|
services.orangefs.client.fileSystems.*.optionsMount options
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix>
|
services.orangefs.client.fileSystems.*.targetTarget URL
Type: string
Example: "tcp://server:3334/orangefs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/client.nix>
|
services.orangefs.server.enableWhether to enable OrangeFS server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
|
services.orangefs.server.BMIModulesList of BMI modules to load.
Type: list of string
Default:
[ "bmi_tcp" ]
Example:
[ "bmi_tcp" "bmi_ib" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
|
services.orangefs.server.dataStorageSpaceDirectory for data storage.
Type: null or string
Default: null
Example: "/data/storage"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
|
services.orangefs.server.extraConfigExtra config for the global section.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
|
services.orangefs.server.extraDefaultsExtra config for <Defaults> section.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
|
services.orangefs.server.fileSystemsThese options will create the <FileSystem> sections of config file.
Type: attribute set of (submodule)
Default:
{
orangefs = { };
}Example:
{
fs1 = {
id = 101;
};
fs2 = {
id = 102;
};
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
|
services.orangefs.server.fileSystems.<name>.extraConfigExtra config for <FileSystem> section.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
|
services.orangefs.server.fileSystems.<name>.extraStorageHintsExtra config for <StorageHints> section.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
|
services.orangefs.server.fileSystems.<name>.idFile system ID (must be unique within configuration).
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
|
services.orangefs.server.fileSystems.<name>.rootHandleFile system root ID.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
|
services.orangefs.server.fileSystems.<name>.troveSyncDataSync data.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
|
services.orangefs.server.fileSystems.<name>.troveSyncMetaSync meta data.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
|
services.orangefs.server.logTypeDestination for log messages.
Type: one of "file", "syslog"
Default: "syslog"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
|
services.orangefs.server.metadataStorageSpaceDirectory for meta data storage.
Type: null or string
Default: null
Example: "/data/meta"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
|
services.orangefs.server.serversURLs for storage server including port. The attribute names define the server alias.
Type: attribute set of string
Default: { }
Example:
{
node1 = "tcp://node1:3334";
node2 = "tcp://node2:3334";
}Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/orangefs/server.nix>
|
services.osrm.enableEnable the OSRM service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
|
services.osrm.addressIP address on which the web server will listen.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
|
services.osrm.algorithmAlgorithm to use for the data. Must be one of CH, CoreCH, MLD
Type: one of "CH", "CoreCH", "MLD"
Default: "MLD"
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
|
services.osrm.dataFileData file location
Type: path
Example: "/var/lib/osrm/berlin-latest.osrm"
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
|
services.osrm.extraFlagsExtra command line arguments passed to osrm-routed
Type: list of string
Default: [ ]
Example:
[ "--max-table-size 1000" "--max-matching-size 1000" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
|
services.osrm.portPort on which the web server will run.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
|
services.osrm.threadsNumber of threads to use.
Type: signed integer
Default: 4
Declared by:
<nixpkgs/nixos/modules/services/misc/osrm.nix>
|
services.ostinato.enableWhether to enable Ostinato agent-controller (Drone).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
|
services.ostinato.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7878
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
|
services.ostinato.portList.excludeA list of ports does not appear on the port list managed by drone.
Type: list of string
Default: [ ]
Example:
[ "usbmon*" "eth0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
|
services.ostinato.portList.includeFor a port to pass the filter and appear on the port list managed by drone, it be allowed by this include list.
Type: list of string
Default: [ ]
Example:
[ "eth*" "lo*" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
|
services.ostinato.rateAccuracyTo ensure that the actual transmit rate is as close as possible to the configured transmit rate, Drone runs a busy-wait loop. While this provides the maximum accuracy possible, the CPU utilization is 100% while the transmit is on. You can however, sacrifice the accuracy to reduce the CPU load.
Type: one of "High", "Low"
Default: "High"
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
|
services.ostinato.rpcServer.addressBy default, the Drone RPC server will listen on all interfaces and local IPv4 addresses for incoming connections from clients. Specify a single IPv4 or IPv6 address if you want to restrict that. To listen on any IPv6 address, use ::
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/ostinato.nix>
|
services.outline.enableWhether to enable outline.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.enableUpdateCheckHave the installation check for updates by sending anonymized statistics to the maintainers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.packageOutline package to use.
Type: package
Default: pkgs.outline
Example:
pkgs.outline.overrideAttrs (super: {
# Ignore the domain part in emails that come from OIDC. This is might
# be helpful if you want multiple users with different email providers
# to still land in the same team. Note that this effectively makes
# Outline a single-team instance.
patchPhase = ''
sed -i 's/const domain = parts\.length && parts\[1\];/const domain = "example.com";/g' server/routes/auth/providers/oidc.ts
'';
})
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.azureAuthenticationTo configure Microsoft/Azure auth, you'll need to create an OAuth Client. See the guide for details on setting up your Azure App.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.azureAuthentication.clientIdAuthentication client identifier.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.azureAuthentication.clientSecretFileFile path containing the authentication secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.azureAuthentication.resourceAppIdAuthentication application resource ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.cdnUrlIf using a Cloudfront/Cloudflare distribution or similar it can be set using this option. This will cause paths to JavaScript files, stylesheets and images to be updated to the hostname defined here. In your CDN configuration the origin server should be set to public URL.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.concurrencyHow many processes should be spawned. For a rough estimate, divide your server's available memory by 512.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.databaseUrlURI to use for the main PostgreSQL database. If this needs to include
credentials that shouldn't be world-readable in the Nix store, set an
environment file on the systemd service and override the
DATABASE_URL entry. Pass the string
local to setup a database on the local server.
Type: string
Default: "local"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.debugOutputSet this to http log HTTP requests.
Type: null or value "http" (singular enum)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.defaultLanguageThe default interface language. See translate.getoutline.com for a list of available language codes and their rough percentage translated.
Type: one of "da_DK", "de_DE", "en_US", "es_ES", "fa_IR", "fr_FR", "it_IT", "ja_JP", "ko_KR", "nl_NL", "pl_PL", "pt_BR", "pt_PT", "ru_RU", "sv_SE", "th_TH", "vi_VN", "zh_CN", "zh_TW"
Default: "en_US"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.forceHttpsAuto-redirect to HTTPS in production. The default is
true but you may set this to false
if you can be sure that SSL is terminated at an external loadbalancer.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.googleAnalyticsIdOptionally enable Google Analytics to track page views in the knowledge base.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.googleAuthenticationTo configure Google auth, you'll need to create an OAuth Client ID at https://console.cloud.google.com/apis/credentials
When configuring the Client ID, add an Authorized redirect URI to
https://[publicUrl]/auth/google.callback.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.googleAuthentication.clientIdAuthentication client identifier.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.googleAuthentication.clientSecretFileFile path containing the authentication secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.groupGroup under which the service should run. If this is the default value, the group will be created.
Type: string
Default: "outline"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.logoCustom logo displayed on the authentication screen. This will be scaled to a height of 60px.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.maximumImportSizeThe maximum size of document imports. Overriding this could be required if you have especially large Word documents with embedded imagery.
Type: signed integer
Default: 5120000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.oidcAuthenticationTo configure generic OIDC auth, you'll need some kind of identity
provider. See the documentation for whichever IdP you use to fill out
all the fields. The redirect URL is
https://[publicUrl]/auth/oidc.callback.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.oidcAuthentication.authUrlOIDC authentication URL endpoint.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.oidcAuthentication.clientIdAuthentication client identifier.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.oidcAuthentication.clientSecretFileFile path containing the authentication secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.oidcAuthentication.displayNameDisplay name for OIDC authentication.
Type: string
Default: "OpenID"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.oidcAuthentication.scopesOpenID authentication scopes.
Type: list of string
Default:
[ "openid" "profile" "email" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.oidcAuthentication.tokenUrlOIDC token URL endpoint.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.oidcAuthentication.userinfoUrlOIDC userinfo URL endpoint.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.oidcAuthentication.usernameClaimSpecify which claims to derive user information from. Supports any valid JSON path with the JWT payload
Type: string
Default: "preferred_username"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.portListening port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.publicUrlThe fully qualified, publicly accessible URL
Type: string
Default: "http://localhost:3000"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.rateLimiter.enableWhether to enable rate limiter for the application web server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.rateLimiter.durationWindowLength of a throttling window.
Type: signed integer
Default: 60
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.rateLimiter.requestsMaximum number of requests in a throttling window.
Type: signed integer
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.redisUrlConnection to a redis server. If this needs to include credentials
that shouldn't be world-readable in the Nix store, set an environment
file on the systemd service and override the
REDIS_URL entry. Pass the string
local to setup a local Redis database.
Type: string
Default: "local"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.secretKeyFileFile path that contains the application secret key. It must be 32 bytes long and hex-encoded. If the file does not exist, a new key will be generated and saved here.
Type: string
Default: "/var/lib/outline/secret_key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.sentryDsnOptionally enable Sentry to track errors and performance.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.sentryTunnelOptionally add a Sentry proxy tunnel for bypassing ad blockers in the UI.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.sequelizeArgumentsOptional arguments to pass to sequelize calls.
Type: string
Default: ""
Example: "--env=production-ssl-disabled"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.slackAuthenticationTo configure Slack auth, you'll need to create an Application at https://api.slack.com/apps
When configuring the Client ID, add a redirect URL under "OAuth & Permissions"
to https://[publicUrl]/auth/slack.callback.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.slackAuthentication.clientIdAuthentication key.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.slackAuthentication.secretFileFile path containing the authentication secret.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.slackIntegrationFor a complete Slack integration with search and posting to channels this configuration is also needed. See here for details: https://wiki.generaloutline.com/share/be25efd1-b3ef-4450-b8e5-c4a4fc11e02a
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.slackIntegration.appIdApplication ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.slackIntegration.messageActionsWhether to enable message actions.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.slackIntegration.verificationTokenFileFile path containing the verification token.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.smtpTo support sending outgoing transactional emails such as "document updated" or "you've been invited" you'll need to provide authentication for an SMTP server.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.smtp.fromEmailSender email in outgoing mail.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.smtp.hostHost name or IP address of the SMTP server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.smtp.passwordFileFile path containing the password to authenticate with.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.smtp.portTCP port of the SMTP server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.smtp.replyEmailReply address in outgoing mail.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.smtp.secureUse a secure SMTP connection.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.smtp.tlsCiphersOverride SMTP cipher configuration.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.smtp.usernameUsername to authenticate with.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.sslCertFileFile path that contains the Base64-encoded certificate for HTTPS termination. This is only required if you do not use an external reverse proxy. See the documentation.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.sslKeyFileFile path that contains the Base64-encoded private key for HTTPS termination. This is only required if you do not use an external reverse proxy. See the documentation.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.storageTo support uploading of images for avatars and document attachments an s3-compatible storage must be provided. AWS S3 is recommended for redundancy however if you want to keep all file storage local an alternative such as minio can be used.
A more detailed guide on setting up S3 is available here.
Type: submodule
Example:
{
accessKey = "...";
secretKeyFile = "/somewhere";
uploadBucketUrl = "https://minio.example.com";
uploadBucketName = "outline";
region = "us-east-1";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.storage.accessKeyS3 access key.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.storage.aclACL setting.
Type: string
Default: "private"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.storage.forcePathStyleForce S3 path style.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.storage.regionAWS S3 region name.
Type: string
Default: "xx-xxxx-x"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.storage.secretKeyFileFile path that contains the S3 secret key.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.storage.uploadBucketNameName of the bucket where uploads should be stored.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.storage.uploadBucketUrlURL endpoint of an S3-compatible API where uploads should be stored.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.storage.uploadMaxSizeMaxmium file size for uploads.
Type: signed integer
Default: 26214400
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.userUser under which the service should run. If this is the default value, the user will be created, with the specified group as the primary group.
Type: string
Default: "outline"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.outline.utilsSecretFileFile path that contains the utility secret key. If the file does not exist, a new key will be generated and saved here.
Type: string
Default: "/var/lib/outline/utils_secret"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/outline.nix>
|
services.owamp.enableWhether to enable OWAMP server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/owamp.nix>
|
services.owncast.enableWhether to enable owncast.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/owncast.nix>
|
services.owncast.dataDirThe directory where owncast stores its data files. If left as the default value this directory will automatically be created before the owncast server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: string
Default: "/var/lib/owncast"
Declared by:
<nixpkgs/nixos/modules/services/misc/owncast.nix>
|
services.owncast.groupGroup under which owncast runs.
Type: string
Default: "owncast"
Declared by:
<nixpkgs/nixos/modules/services/misc/owncast.nix>
|
services.owncast.listenThe IP address to bind the owncast web server to.
Type: string
Default: "127.0.0.1"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/owncast.nix>
|
services.owncast.openFirewallOpen the appropriate ports in the firewall for owncast.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/owncast.nix>
|
services.owncast.portTCP port where owncast web-gui listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/misc/owncast.nix>
|
services.owncast.rtmp-portTCP port where owncast rtmp service listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1935
Declared by:
<nixpkgs/nixos/modules/services/misc/owncast.nix>
|
services.owncast.userUser account under which owncast runs.
Type: string
Default: "owncast"
Declared by:
<nixpkgs/nixos/modules/services/misc/owncast.nix>
|
services.oxidized.enableWhether to enable the oxidized configuration backup service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
|
services.oxidized.configFilePath to the oxidized configuration file.
Type: path
Example:
pkgs.writeText "oxidized-config.yml" ''
---
debug: true
use_syslog: true
input:
default: ssh
ssh:
secure: true
interval: 3600
model_map:
dell: powerconnect
hp: procurve
source:
default: csv
csv:
delimiter: !ruby/regexp /:/
file: "/var/lib/oxidized/.config/oxidized/router.db"
map:
name: 0
model: 1
username: 2
password: 3
pid: "/var/lib/oxidized/.config/oxidized/pid"
rest: 127.0.0.1:8888
retries: 3
# ... additional config
'';
Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
|
services.oxidized.dataDirState directory for the oxidized service.
Type: path
Default: "/var/lib/oxidized"
Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
|
services.oxidized.groupGroup under which the oxidized service runs.
Type: string
Default: "oxidized"
Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
|
services.oxidized.routerDBPath to the file/database which contains the targets for oxidized.
Type: path
Example:
pkgs.writeText "oxidized-router.db" '' hostname-sw1:powerconnect:username1:password2 hostname-sw2:procurve:username2:password2 # ... additional hosts ''
Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
|
services.oxidized.userUser under which the oxidized service runs.
Type: string
Default: "oxidized"
Declared by:
<nixpkgs/nixos/modules/services/admin/oxidized.nix>
|
services.pacemaker.enableWhether to enable pacemaker.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/pacemaker/default.nix>
|
services.pacemaker.packagePackage that should be used for pacemaker.
Type: package
Default: pkgs.pacemaker
Declared by:
<nixpkgs/nixos/modules/services/cluster/pacemaker/default.nix>
|
services.pantalaimon-headless.instancesDeclarative instance config.
Note: to use pantalaimon interactively, e.g. for a Matrix client which does not
support End-to-end encryption (like fractal), refer to the home-manager module.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/pantalaimon.nix>
|
services.pantalaimon-headless.instances.<name>.dataPathThe directory where pantalaimon should store its state such as the database file.
Type: path
Default: "/var/lib/pantalaimon-‹name›"
Declared by:
<nixpkgs/nixos/modules/services/matrix/pantalaimon.nix>
|
services.pantalaimon-headless.instances.<name>.extraSettingsExtra configuration options. See pantalaimon(5) for available options.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/matrix/pantalaimon.nix>
|
services.pantalaimon-headless.instances.<name>.homeserverThe URI of the homeserver that the pantalaimon proxy should
forward requests to, without the matrix API path but including
the http(s) schema.
Type: string
Example: "https://matrix.org"
Declared by:
<nixpkgs/nixos/modules/services/matrix/pantalaimon.nix>
|
services.pantalaimon-headless.instances.<name>.listenAddressThe address where the daemon will listen to client connections for this homeserver.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/matrix/pantalaimon.nix>
|
services.pantalaimon-headless.instances.<name>.listenPortThe port where the daemon will listen to client connections for this homeserver. Note that the listen address/port combination needs to be unique between different homeservers.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8009
Declared by:
<nixpkgs/nixos/modules/services/matrix/pantalaimon.nix>
|
services.pantalaimon-headless.instances.<name>.logLevelSet the log level of the daemon.
Type: one of "info", "warning", "error", "debug"
Default: "warning"
Declared by:
<nixpkgs/nixos/modules/services/matrix/pantalaimon.nix>
|
services.pantalaimon-headless.instances.<name>.sslWhether or not SSL verification should be enabled for outgoing connections to the homeserver.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/matrix/pantalaimon.nix>
|
services.pantheon.apps.enableWhether to enable Pantheon default applications.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
|
services.pantheon.contractor.enableWhether to enable contractor, a desktop-wide extension service used by Pantheon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
|
services.paperless.enableEnable Paperless.
When started, the Paperless database is automatically created if it doesn't exist and updated if the Paperless package has changed. Both tasks are achieved by running a Django migration.
A script to manage the Paperless instance (by wrapping Django's manage.py) is linked to
${dataDir}/paperless-manage.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless.nix>
|
services.paperless.packageThe Paperless package to use.
Type: package
Default: pkgs.paperless-ngx
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless.nix>
|
services.paperless.addressWeb interface address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless.nix>
|
services.paperless.consumptionDirDirectory from which new documents are imported.
Type: string
Default: "${dataDir}/consume"
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless.nix>
|
services.paperless.consumptionDirIsPublicWhether all users can write to the consumption dir.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless.nix>
|
services.paperless.dataDirDirectory to store the Paperless data.
Type: string
Default: "/var/lib/paperless"
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless.nix>
|
services.paperless.extraConfigExtra paperless config options.
See the documentation for available options.
Type: attribute set
Default: { }
Example:
{
PAPERLESS_DBHOST = "/run/postgresql";
PAPERLESS_OCR_LANGUAGE = "deu+eng";
}Declared by:
<nixpkgs/nixos/modules/services/misc/paperless.nix>
|
services.paperless.mediaDirDirectory to store the Paperless documents.
Type: string
Default: "${dataDir}/media"
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless.nix>
|
services.paperless.passwordFileA file containing the superuser password.
A superuser is required to access the web interface.
If unset, you can create a superuser manually by running
${dataDir}/paperless-manage createsuperuser.
The default superuser name is admin. To change it, set
option extraConfig.PAPERLESS_ADMIN_USER.
WARNING: When changing the superuser name after the initial setup, the old superuser
will continue to exist.
To disable login for the web interface, set the following:
extraConfig.PAPERLESS_AUTO_LOGIN_USERNAME = "admin";.
WARNING: Only use this on a trusted system without internet access to Paperless.
Type: null or path
Default: null
Example: "/run/keys/paperless-password"
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless.nix>
|
services.paperless.portWeb interface port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 28981
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless.nix>
|
services.paperless.userUser under which Paperless runs.
Type: string
Default: "paperless"
Declared by:
<nixpkgs/nixos/modules/services/misc/paperless.nix>
|
services.parsedmarc.enableWhether to enable parsedmarc, a DMARC report monitoring service .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.provision.elasticsearchWhether to set up and use a local instance of Elasticsearch.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.provision.geoIpWhether to enable and configure the geoipupdate service to automatically fetch GeoIP databases. Not crucial, but recommended for full functionality.
To finish the setup, you need to manually set the services.geoipupdate.settings.AccountID and
services.geoipupdate.settings.LicenseKey
options.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.provision.grafana.dashboardWhether the official parsedmarc grafana dashboard should be provisioned to the local grafana instance.
Type: boolean
Default: config.services.grafana.enable
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.provision.grafana.datasourceWhether the automatically provisioned Elasticsearch
instance should be added as a grafana datasource. Has no
effect unless
services.parsedmarc.provision.elasticsearch
is also enabled.
Type: boolean
Default:
config.services.parsedmarc.provision.elasticsearch && config.services.grafana.enable
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.provision.localMail.enableWhether Postfix and Dovecot should be set up to receive
mail locally. parsedmarc will be configured to watch the
local inbox as the automatically created user specified in
services.parsedmarc.provision.localMail.recipientName
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.provision.localMail.hostnameThe hostname to use when configuring Postfix.
Should correspond to the host's fully qualified domain name and the domain part of the email address which receives DMARC reports. You also have to set up an MX record pointing to this domain name.
Type: string
Default: config.networking.fqdn
Example: "monitoring.example.com"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.provision.localMail.recipientNameThe DMARC mail recipient name, i.e. the name part of the email address which receives DMARC reports.
A local user with this name will be set up and assigned a randomized password on service start.
Type: string
Default: "dmarc"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settingsConfiguration parameters to set in
parsedmarc.ini. For a full list of
available parameters, see
https://domainaware.github.io/parsedmarc/#configuration-file.
Settings containing secret data should be set to an attribute
set containing the attribute _secret - a
string pointing to a file containing the value the option
should be set to. See the example to get a better picture of
this: in the resulting parsedmarc.ini
file, the splunk_hec.token key will be set
to the contents of the
/run/keys/splunk_token file.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Example:
{
imap = {
host = "imap.example.com";
user = "alice@example.com";
password = { _secret = "/run/keys/imap_password" };
watch = true;
};
splunk_hec = {
url = "https://splunkhec.example.com";
token = { _secret = "/run/keys/splunk_token" };
index = "email";
};
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.elasticsearch.cert_pathThe path to a TLS certificate bundle used to verify the server's certificate.
Type: path
Default: "/etc/ssl/certs/ca-certificates.crt"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.elasticsearch.hostsA list of Elasticsearch hosts to push parsed reports to.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.elasticsearch.passwordThe password to use when connecting to Elasticsearch, if required.
Always handled as a secret whether the value is
wrapped in a { _secret = ...; }
attrset or not (refer to services.parsedmarc.settings for
details).
Type: null or path or attribute set of path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.elasticsearch.sslWhether to use an encrypted SSL/TLS connection.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.elasticsearch.userUsername to use when connecting to Elasticsearch, if required.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.general.save_aggregateSave aggregate report data to Elasticsearch and/or Splunk.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.general.save_forensicSave forensic report data to Elasticsearch and/or Splunk.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.imap.deleteDelete messages after processing them, instead of archiving them.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.imap.hostThe IMAP server hostname or IP address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.imap.passwordThe IMAP server password.
Always handled as a secret whether the value is
wrapped in a { _secret = ...; }
attrset or not (refer to services.parsedmarc.settings for
details).
Type: null or path or attribute set of path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.imap.portThe IMAP server port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 993
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.imap.sslUse an encrypted SSL/TLS connection.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.imap.userThe IMAP server username.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.imap.watchUse the IMAP IDLE command to process messages as they arrive.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.smtp.fromThe From address to use for the
outgoing mail.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.smtp.hostThe SMTP server hostname or IP address.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.smtp.passwordThe SMTP server password.
Always handled as a secret whether the value is
wrapped in a { _secret = ...; }
attrset or not (refer to services.parsedmarc.settings for
details).
Type: null or path or attribute set of path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.smtp.portThe SMTP server port.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.smtp.sslUse an encrypted SSL/TLS connection.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.smtp.toThe addresses to send outgoing mail to.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsedmarc.settings.smtp.userThe SMTP server username.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/parsedmarc.nix>
|
services.parsoid.enableWhether to enable Parsoid -- bidirectional wikitext parser.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
|
services.parsoid.extraConfigExtra configuration to add to parsoid configuration.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
|
services.parsoid.interfaceInterface to listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
|
services.parsoid.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8000
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
|
services.parsoid.wikisUsed MediaWiki API endpoints.
Type: list of (string or (attribute set))
Example:
[ "http://localhost/api.php" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
|
services.parsoid.workersNumber of Parsoid workers.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/misc/parsoid.nix>
|
services.passSecretService.enableWhether to enable pass secret service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/pass-secret-service.nix>
|
services.passSecretService.packageWhich pass-secret-service package to use.
Type: package
Default: pkgs.pass-secret-service
Example: pkgs.pass-secret-service.override { python3 = pkgs.python310 }
Declared by:
<nixpkgs/nixos/modules/services/security/pass-secret-service.nix>
|
services.patroni.enableWhether to enable Patroni.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.patroni.dataDirFolder where Patroni data will be written, used by Raft as well if enabled.
Type: path
Default: "/var/lib/patroni"
Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.patroni.environmentFilesEnvironment variables made available to Patroni as files content, useful for providing secrets from files.
Type: attribute set of (null or string or path or package)
Default: { }
Example:
{
PATRONI_REPLICATION_PASSWORD = "/secret/file";
PATRONI_SUPERUSER_PASSWORD = "/secret/file";
}Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.patroni.groupThe group for the service. If left as the default value this group will automatically be created, otherwise the sysadmin is responsible for ensuring the group exists.
Type: string
Default: "patroni"
Example: "postgres"
Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.patroni.nameThe name of the host. Must be unique for the cluster.
Type: string
Example: "node1"
Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.patroni.namespacePath within the configuration store where Patroni will keep information about the cluster.
Type: string
Default: "/service"
Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.patroni.nodeIpIP address of this node.
Type: string
Example: "192.168.1.1"
Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.patroni.otherNodesIpsIP addresses of the other nodes.
Type: list of Concatenated string
Example:
[ "192.168.1.2" "192.168.1.3" ]
Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.patroni.postgresqlDataDirThe data directory for PostgreSQL. If left as the default value this directory will automatically be created before the PostgreSQL server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default: "/var/lib/postgresql/${config.services.patroni.postgresqlPackage.psqlSchema}"
Example: "/var/lib/postgresql/14"
Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.patroni.postgresqlPackagePostgreSQL package to use.
Plugins can be enabled like this pkgs.postgresql_14.withPackages (p: [ p.pg_safeupdate p.postgis ]).
Type: package
Example: pkgs.postgresql_14
Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.patroni.postgresqlPortThe port on which PostgreSQL listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5432
Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.patroni.raftThis will configure Patroni to use its own RAFT implementation instead of using a dedicated DCS.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.patroni.raftPortThe port on which RAFT listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5010
Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.patroni.restApiPortThe port on Patroni's REST api listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8008
Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.patroni.scopeCluster name.
Type: string
Example: "cluster1"
Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.patroni.settingsThe primary patroni configuration. See the documentation
for possible values.
Secrets should be passed in by using the environmentFiles option.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.patroni.softwareWatchdogThis will configure Patroni to use the software watchdog built into the Linux kernel as described in the documentation.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.patroni.userThe user for the service. If left as the default value this user will automatically be created, otherwise the sysadmin is responsible for ensuring the user exists.
Type: string
Default: "patroni"
Example: "postgres"
Declared by:
<nixpkgs/nixos/modules/services/cluster/patroni/default.nix>
|
services.pcscd.enableWhether to enable PCSC-Lite daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/pcscd.nix>
|
services.pcscd.pluginsPlugin packages to be used for PCSC-Lite.
Type: list of package
Default: [ pkgs.ccid ]
Example: [ pkgs.pcsc-cyberjack ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/pcscd.nix>
|
services.pcscd.readerConfigConfiguration for devices that aren't hotpluggable.
See reader.conf(5) for valid options.
Type: strings concatenated with "\n"
Default: ""
Example:
'' FRIENDLYNAME "Some serial reader" DEVICENAME /dev/ttyS0 LIBPATH /path/to/serial_reader.so CHANNELID 1 ''
Declared by:
<nixpkgs/nixos/modules/services/hardware/pcscd.nix>
|
services.pdns-recursor.enableWhether to enable PowerDNS Recursor, a recursive DNS server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.api.addressIP address Recursor REST API server will bind to.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.api.allowFromIP address ranges of clients allowed to make API requests.
Type: list of string
Default:
[ "127.0.0.1" "::1" ]
Example:
[ "0.0.0.0/0" "::/0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.api.portPort number Recursor REST API server will bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8082
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.dns.addressIP addresses Recursor DNS server will bind to.
Type: string or list of string
Default:
[ "::" "0.0.0.0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.dns.allowFromIP address ranges of clients allowed to make DNS queries.
Type: list of string
Default:
[ "127.0.0.0/8" "10.0.0.0/8" "100.64.0.0/10" "169.254.0.0/16" "192.168.0.0/16" "172.16.0.0/12" "::1/128" "fc00::/7" "fe80::/10" ]
Example:
[ "0.0.0.0/0" "::/0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.dns.portPort number Recursor DNS server will bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 53
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.dnssecValidationControls the level of DNSSEC processing done by the PowerDNS Recursor. See https://doc.powerdns.com/md/recursor/dnssec/ for a detailed explanation.
Type: one of "off", "process-no-validate", "process", "log-fail", "validate"
Default: "validate"
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.exportHostsWhether to export names and IP addresses defined in /etc/hosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.forwardZonesDNS zones to be forwarded to other authoritative servers.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.forwardZonesRecurseDNS zones to be forwarded to other recursive servers.
Type: attribute set
Default: { }
Example:
{
eth = "[::1]:5353";
}Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.luaConfigThe content Lua configuration file for PowerDNS Recursor. See https://doc.powerdns.com/recursor/lua-config/index.html.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.resolveNamecoinResolve .bit top-level domains using ncdns and namecoin.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/ncdns.nix>
|
services.pdns-recursor.serveRFC1918Whether to directly resolve the RFC1918 reverse-mapping domains:
10.in-addr.arpa,
168.192.in-addr.arpa,
16-31.172.in-addr.arpa
This saves load on the AS112 servers.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdns-recursor.settingsPowerDNS Recursor settings. Use this option to configure Recursor settings not exposed in a NixOS option or to bypass one. See the full documentation at https://doc.powerdns.com/recursor/settings.html for the available options.
Type: attribute set of (null or signed integer or string or boolean or path or list of (signed integer or string or boolean or path))
Default: { }
Example:
{
loglevel = 8;
log-common-errors = true;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/pdns-recursor.nix>
|
services.pdnsd.enableWhether to enable pdnsd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/pdnsd.nix>
|
services.pdnsd.cacheDirDirectory holding the pdnsd cache
Type: string
Default: "/var/cache/pdnsd"
Declared by:
<nixpkgs/nixos/modules/services/networking/pdnsd.nix>
|
services.pdnsd.extraConfigExtra configuration directives that should be added to
pdnsd.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pdnsd.nix>
|
services.pdnsd.globalConfigGlobal configuration that should be added to the global directory
of pdnsd.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pdnsd.nix>
|
services.pdnsd.serverConfigServer configuration that should be added to the server directory
of pdnsd.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pdnsd.nix>
|
services.peerflix.enableWhether to enable peerflix service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/peerflix.nix>
|
services.peerflix.downloadDirPeerflix temporary download directory.
Type: path
Default: "${config.services.peerflix.stateDir}/torrents"
Declared by:
<nixpkgs/nixos/modules/services/torrent/peerflix.nix>
|
services.peerflix.stateDirPeerflix state directory.
Type: path
Default: "/var/lib/peerflix"
Declared by:
<nixpkgs/nixos/modules/services/torrent/peerflix.nix>
|
services.peering-manager.enableEnable Peering Manager.
This module requires a reverse proxy that serves /static separately.
See this example on how to configure this.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peering-manager.nix>
|
services.peering-manager.enableLdapEnable LDAP-Authentication for Peering Manager.
This requires a configuration file being pass through ldapConfigPath.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peering-manager.nix>
|
services.peering-manager.extraConfigAdditional lines of configuration appended to the configuration.py.
See the documentation for more possible options.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peering-manager.nix>
|
services.peering-manager.ldapConfigPathPath to the Configuration-File for LDAP-Authentication, will be loaded as ldap_config.py.
See the documentation for possible options.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peering-manager.nix>
|
services.peering-manager.listenAddressAddress the server will listen on.
Type: string
Default: "[::1]"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peering-manager.nix>
|
services.peering-manager.peeringdbApiKeyFilePath to a file containing the PeeringDB API key.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peering-manager.nix>
|
services.peering-manager.pluginsList of plugin packages to install.
Type: function that evaluates to a(n) list of package
Default:
python3Packages: with python3Packages; [];
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peering-manager.nix>
|
services.peering-manager.portPort the server will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8001
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peering-manager.nix>
|
services.peering-manager.secretKeyFilePath to a file containing the secret key.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peering-manager.nix>
|
services.peertube.enableWhether to enable Peertube.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.enableWebHttpsEnable or disable HTTPS protocol.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.packagePeertube package to use.
Type: package
Default: pkgs.peertube
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.configureNginxConfigure nginx as a reverse proxy for peertube.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.dataDirsAllow access to custom data locations.
Type: list of path
Default: [ ]
Example:
[ "/opt/peertube/storage" "/var/cache/peertube" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.database.createLocallyConfigure local PostgreSQL database server for PeerTube.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.database.hostDatabase host address or unix socket.
Type: string
Default:
if config.services.peertube.database.createLocally then "/run/postgresql" else null
Example: "192.168.15.47"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.database.nameDatabase name.
Type: string
Default: "peertube"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.database.passwordFilePassword for PostgreSQL database.
Type: null or path
Default: null
Example: "/run/keys/peertube/password-posgressql-db"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.database.portDatabase host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5432
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.database.userDatabase user.
Type: string
Default: "peertube"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.groupGroup under which Peertube runs.
Type: string
Default: "peertube"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.listenHttplisten port for HTTP server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.listenWeblisten port for WEB server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.localDomainThe domain serving your PeerTube instance.
Type: string
Example: "peertube.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.redis.enableUnixSocketUse Unix socket.
Type: boolean
Default: config.services.peertube.redis.createLocally
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.redis.createLocallyConfigure local Redis server for PeerTube.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.redis.hostRedis host.
Type: null or string
Default:
if config.services.peertube.redis.createLocally && !config.services.peertube.redis.enableUnixSocket then "127.0.0.1" else null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.redis.passwordFilePassword for redis database.
Type: null or path
Default: null
Example: "/run/keys/peertube/password-redis-db"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.redis.portRedis port.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
if config.services.peertube.redis.createLocally && config.services.peertube.redis.enableUnixSocket then null else 6379
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.serviceEnvironmentFileSet environment variables for the service. Mainly useful for setting the initial root password. For example write to file: PT_INITIAL_ROOT_PASSWORD=changeme
Type: null or path
Default: null
Example: "/run/keys/peertube/password-init-root"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.settingsConfiguration for peertube.
Type: JSON value
Example:
{
listen = {
hostname = "0.0.0.0";
};
log = {
level = "debug";
};
storage = {
tmp = "/opt/data/peertube/storage/tmp/";
logs = "/opt/data/peertube/storage/logs/";
cache = "/opt/data/peertube/storage/cache/";
};
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.smtp.createLocallyConfigure local Postfix SMTP server for PeerTube.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.smtp.passwordFilePassword for smtp server.
Type: null or path
Default: null
Example: "/run/keys/peertube/password-smtp"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.peertube.userUser account under which Peertube runs.
Type: string
Default: "peertube"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/peertube.nix>
|
services.persistent-evdev.enableWhether to enable virtual input devices that persist even if the backing device is hotplugged.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/persistent-evdev.nix>
|
services.persistent-evdev.devicesA set of virtual proxy device labels with backing physical device ids.
Physical devices should already exist in /dev/input/by-id/.
Proxy devices will be automatically given a uinput- prefix.
See the project page
for example configuration of virtual devices with libvirt
and remember to add uinput-* devices to the qemu
cgroup_device_acl list (see virtualisation.libvirtd.qemu.verbatimConfig).
Type: attribute set of string
Default: { }
Example:
{
persist-mouse0 = "usb-Logitech_G403_Prodigy_Gaming_Mouse_078738533531-event-if01";
persist-mouse1 = "usb-Logitech_G403_Prodigy_Gaming_Mouse_078738533531-event-mouse";
persist-mouse2 = "usb-Logitech_G403_Prodigy_Gaming_Mouse_078738533531-if01-event-kbd";
persist-keyboard0 = "usb-Microsoft_Natural®_Ergonomic_Keyboard_4000-event-kbd";
persist-keyboard1 = "usb-Microsoft_Natural®_Ergonomic_Keyboard_4000-if01-event-kbd";
}
Declared by:
<nixpkgs/nixos/modules/services/misc/persistent-evdev.nix>
|
services.pfix-srsd.enableWhether to run the postfix sender rewriting scheme daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/pfix-srsd.nix>
|
services.pfix-srsd.domainThe domain for which to enable srs
Type: string
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/pfix-srsd.nix>
|
services.pfix-srsd.secretsFileThe secret data used to encode the SRS address.
to generate, use a command like:
for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done
Type: path
Default: "/var/lib/pfix-srsd/secrets"
Declared by:
<nixpkgs/nixos/modules/services/mail/pfix-srsd.nix>
|
services.pgadmin.enableWhether to enable PostgreSQL Admin 4.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/admin/pgadmin.nix>
|
services.pgadmin.emailServer.enableEnable SMTP email server. This is necessary, if you want to use password recovery or change your own password
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/admin/pgadmin.nix>
|
services.pgadmin.emailServer.addressSMTP server for email delivery
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/admin/pgadmin.nix>
|
services.pgadmin.emailServer.passwordFilePassword for SMTP email account. NOTE: Should be string not a store path, to prevent the password from being world readable
Type: path
Declared by:
<nixpkgs/nixos/modules/services/admin/pgadmin.nix>
|
services.pgadmin.emailServer.portSMTP server port for email delivery
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 25
Declared by:
<nixpkgs/nixos/modules/services/admin/pgadmin.nix>
|
services.pgadmin.emailServer.senderSMTP server sender email for email delivery. Some servers require this to be a valid email address from that server
Type: string
Example: "noreply@example.com"
Declared by:
<nixpkgs/nixos/modules/services/admin/pgadmin.nix>
|
services.pgadmin.emailServer.useSSLSMTP server should use SSL
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/admin/pgadmin.nix>
|
services.pgadmin.emailServer.useTLSSMTP server should use TLS
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/admin/pgadmin.nix>
|
services.pgadmin.emailServer.usernameSMTP server username for email delivery
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/admin/pgadmin.nix>
|
services.pgadmin.initialEmailInitial email for the pgAdmin account
Type: string
Declared by:
<nixpkgs/nixos/modules/services/admin/pgadmin.nix>
|
services.pgadmin.initialPasswordFileInitial password file for the pgAdmin account. NOTE: Should be string not a store path, to prevent the password from being world readable
Type: path
Declared by:
<nixpkgs/nixos/modules/services/admin/pgadmin.nix>
|
services.pgadmin.openFirewallWhether to enable firewall passthrough for pgadmin4.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/admin/pgadmin.nix>
|
services.pgadmin.portPort for pgadmin4 to run on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5050
Declared by:
<nixpkgs/nixos/modules/services/admin/pgadmin.nix>
|
services.pgadmin.settingsSettings for pgadmin4. Documentation
Type: attribute set of ((attribute set of ((list of (signed integer or boolean or string)) or attribute set of (signed integer or boolean or string) or signed integer or boolean or string)) or list of ((list of (signed integer or boolean or string)) or attribute set of (signed integer or boolean or string) or signed integer or boolean or string) or (list of (signed integer or boolean or string)) or attribute set of (signed integer or boolean or string) or signed integer or boolean or string)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/admin/pgadmin.nix>
|
services.pgmanage.enableWhether to enable PostgreSQL Administration for the web.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.packageThe pgmanage package to use.
Type: package
Default: pkgs.pgmanage
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.allowCustomConnectionsThis tells pgmanage whether or not to allow anyone to use a custom connection from the login screen.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.connectionspgmanage requires at least one PostgreSQL server be defined.
Detailed information about PostgreSQL connection strings is available at: http://www.postgresql.org/docs/current/static/libpq-connect.html
Note that you should not specify your user name or password. That information will be entered on the login screen. If you specify a username or password, it will be removed by pgmanage before attempting to connect to a database.
Type: attribute set of string
Default: { }
Example:
{
mini-server = "hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require";
nuc-server = "hostaddr=192.168.0.100 port=5432 dbname=postgres";
}Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.localOnlyThis tells pgmanage whether or not to set the listening socket to local addresses only.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.logLevelVerbosity of logs
Type: one of "error", "warn", "notice", "info"
Default: "error"
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.loginGroupThis tells pgmanage to only allow users in a certain PostgreSQL group to login to pgmanage. Note that a connection will be made to PostgreSQL in order to test if the user is a member of the login group.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.loginTimeoutNumber of seconds of inactivity before user is automatically logged out.
Type: signed integer
Default: 3600
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.portThis tells pgmanage what port to listen on for browser requests.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.sqlRootThis tells pgmanage where to put the SQL file history. All tabs are saved to this location so that if you get disconnected from pgmanage you don't lose your work.
Type: string
Default: "/var/lib/pgmanage"
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.superOnlyThis tells pgmanage whether or not to only allow super users to login. The recommended value is true and will restrict users who are not super users from logging in to any PostgreSQL instance through pgmanage. Note that a connection will be made to PostgreSQL in order to test if the user is a superuser.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.tlsThese options tell pgmanage where the TLS Certificate and Key files reside. If you use these options then you'll only be able to access pgmanage through a secure TLS connection. These options are only necessary if you wish to connect directly to pgmanage using a secure TLS connection. As an alternative, you can set up pgmanage in a reverse proxy configuration. This allows your web server to terminate the secure connection and pass on the request to pgmanage. You can find help to set up this configuration in: https://github.com/pgManage/pgManage/blob/master/INSTALL_NGINX.md
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.tls.certTLS certificate
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgmanage.tls.keyTLS key
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/pgmanage.nix>
|
services.pgpkeyserver-lite.enableWhether to enable pgpkeyserver-lite on a nginx vHost proxying to a gpg keyserver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix>
|
services.pgpkeyserver-lite.packageWhich webgui derivation to use.
Type: package
Default: pkgs.pgpkeyserver-lite
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix>
|
services.pgpkeyserver-lite.hkpAddressWhich IP address the sks-keyserver is listening on.
Type: string
Default: head config.services.sks.hkpAddress
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix>
|
services.pgpkeyserver-lite.hkpPortWhich port the sks-keyserver is listening on.
Type: signed integer
Default: config.services.sks.hkpPort
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix>
|
services.pgpkeyserver-lite.hostnameWhich hostname to set the vHost to that is proxying to sks.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pgpkeyserver-lite.nix>
|
services.phpfpm.extraConfigExtra configuration that should be put in the global section of
the PHP-FPM configuration file. Do not specify the options
error_log or
daemonize here, since they are generated by
NixOS.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.phpOptionsOptions appended to the PHP configuration file php.ini.
Type: strings concatenated with "\n"
Default: ""
Example:
'' date.timezone = "CET" ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.phpPackageThe PHP package to use for running the PHP-FPM service.
Type: package
Default: pkgs.php
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.poolsPHP-FPM pools. If no pools are defined, the PHP-FPM service is disabled.
Type: attribute set of (submodule)
Default: { }
Example:
{
mypool = {
user = "php";
group = "php";
phpPackage = pkgs.php;
settings = {
"pm" = "dynamic";
"pm.max_children" = 75;
"pm.start_servers" = 10;
"pm.min_spare_servers" = 5;
"pm.max_spare_servers" = 20;
"pm.max_requests" = 500;
};
}
}Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.pools.<name>.extraConfigExtra lines that go into the pool configuration.
See the documentation on php-fpm.conf for
details on configuration directives.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.pools.<name>.groupGroup account under which this pool runs.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.pools.<name>.listenThe address on which to accept FastCGI requests.
Type: string
Default: ""
Example: "/path/to/unix/socket"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.pools.<name>.phpEnvEnvironment variables used for this PHP-FPM pool.
Type: attribute set of string
Default: { }
Example:
{
HOSTNAME = "$HOSTNAME";
TMP = "/tmp";
TMPDIR = "/tmp";
TEMP = "/tmp";
}
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.pools.<name>.phpOptions"Options appended to the PHP configuration file php.ini used for this PHP-FPM pool."
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.pools.<name>.phpPackageThe PHP package to use for running this PHP-FPM pool.
Type: package
Default: config.services.phpfpm.phpPackage
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.pools.<name>.settingsPHP-FPM pool directives. Refer to the "List of pool directives" section of
https://www.php.net/manual/en/install.fpm.configuration.php
for details. Note that settings names must be enclosed in quotes (e.g.
"pm.max_children" instead of pm.max_children).
Type: attribute set of (string or signed integer or boolean)
Default: { }
Example:
{
"pm" = "dynamic";
"pm.max_children" = 75;
"pm.start_servers" = 10;
"pm.min_spare_servers" = 5;
"pm.max_spare_servers" = 20;
"pm.max_requests" = 500;
}
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.pools.<name>.socketPath to the unix socket file on which to accept FastCGI requests.
This option is read-only and managed by NixOS.
Type: string (read only)
Example: "/run/phpfpm/<name>.sock"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.pools.<name>.userUser account under which this pool runs.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phpfpm.settingsPHP-FPM global directives. Refer to the "List of global php-fpm.conf directives" section of
https://www.php.net/manual/en/install.fpm.configuration.php
for details. Note that settings names must be enclosed in quotes (e.g.
"pm.max_children" instead of pm.max_children).
You need not specify the options error_log or
daemonize here, since they are generated by NixOS.
Type: attribute set of (string or signed integer or boolean)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/phpfpm/default.nix>
|
services.phylactery.enableWhether to enable Whether to enable Phylactery server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/phylactery.nix>
|
services.phylactery.packageThe Phylactery package to use
Type: package
Default: pkgs.phylactery
Declared by:
<nixpkgs/nixos/modules/services/web-apps/phylactery.nix>
|
services.phylactery.hostListen host for Phylactery
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/phylactery.nix>
|
services.phylactery.libraryPath to CBZ library
Type: path
Declared by:
<nixpkgs/nixos/modules/services/web-apps/phylactery.nix>
|
services.phylactery.portListen port for Phylactery
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/phylactery.nix>
|
services.physlock.enableWhether to enable the physlock screen locking mechanism.
Enable this and then run systemctl start physlock to securely lock the screen.
This will switch to a new virtual terminal, turn off console
switching and disable SysRq mechanism (when
services.physlock.disableSysRq is set)
until the root or user password is given.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
|
services.physlock.allowAnyUserWhether to allow any user to lock the screen. This will install a setuid wrapper to allow any user to start physlock as root, which is a minor security risk. Call the physlock binary to use this instead of using the systemd service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
|
services.physlock.disableSysRqWhether to disable SysRq when locked with physlock.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
|
services.physlock.lockMessageMessage to show on physlock login terminal.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
|
services.physlock.lockOn.extraTargetsOther targets to lock the screen just before.
Useful if you want to e.g. both autologin to X11 so that
your ~/.xsession gets executed and
still to have the screen locked so that the system can be
booted relatively unattended.
Type: list of string
Default: [ ]
Example:
[ "display-manager.service" ]
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
|
services.physlock.lockOn.hibernateWhether to lock screen with physlock just before hibernate.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
|
services.physlock.lockOn.suspendWhether to lock screen with physlock just before suspend.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
|
services.physlock.muteKernelMessagesDisable kernel messages on console while physlock is running.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/physlock.nix>
|
services.picom.enableWhether or not to enable Picom as the X.org composite manager.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.picom.activeOpacityOpacity of active windows.
Type: integer or floating point number between 0 and 1 (both inclusive)
Default: 1.0
Example: 0.8
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.picom.backendBackend to use: egl, glx, xrender or xr_glx_hybrid.
Type: one of "egl", "glx", "xrender", "xr_glx_hybrid"
Default: "xrender"
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.picom.fadeFade windows in and out.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.picom.fadeDeltaTime between fade animation step (in ms).
Type: positive integer, meaning >0
Default: 10
Example: 5
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.picom.fadeExcludeList of conditions of windows that should not be faded.
See picom(1) man page for more examples.
Type: list of string
Default: [ ]
Example:
[ "window_type *= 'menu'" "name ~= 'Firefox$'" "focused = 1" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.picom.fadeStepsOpacity change between fade steps (in and out).
Type: pair of integer or floating point number between 0.01 and 1 (both inclusive)
Default:
[ 0.028 0.03 ]
Example:
[ 0.04 0.04 ]
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.picom.inactiveOpacityOpacity of inactive windows.
Type: integer or floating point number between 0.1 and 1 (both inclusive)
Default: 1.0
Example: 0.8
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.picom.menuOpacityOpacity of dropdown and popup menu.
Type: integer or floating point number between 0 and 1 (both inclusive)
Default: 1.0
Example: 0.8
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.picom.opacityRulesRules that control the opacity of windows, in format PERCENT:PATTERN.
Type: list of string
Default: [ ]
Example:
[ "95:class_g = 'URxvt' && !_NET_WM_STATE@:32a" "0:_NET_WM_STATE@:32a *= '_NET_WM_STATE_HIDDEN'" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.picom.settingsPicom settings. Use this option to configure Picom settings not exposed
in a NixOS option or to bypass one. For the available options see the
CONFIGURATION FILES section at picom(1).
Type: libconfig configuration. The format consists of an attributes set (called a group) of settings. Each setting can be a scalar type (boolean, integer, floating point number or string), a list of scalars or a group itself
Default: { }
Example:
blur =
{ method = "gaussian";
size = 10;
deviation = 5.0;
};
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.picom.shadowDraw window shadows.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.picom.shadowExcludeList of conditions of windows that should have no shadow.
See picom(1) man page for more examples.
Type: list of string
Default: [ ]
Example:
[ "window_type *= 'menu'" "name ~= 'Firefox$'" "focused = 1" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.picom.shadowOffsetsLeft and right offset for shadows (in pixels).
Type: pair of signed integer
Default:
[ -15 -15 ]
Example:
[ -10 -15 ]
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.picom.shadowOpacityWindow shadows opacity.
Type: integer or floating point number between 0 and 1 (both inclusive)
Default: 0.75
Example: 0.8
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.picom.vSyncEnable vertical synchronization. Chooses the best method (drm, opengl, opengl-oml, opengl-swc, opengl-mswc) automatically. The bool value should be used, the others are just for backwards compatibility.
Type: boolean or one of "none", "drm", "opengl", "opengl-oml", "opengl-swc", "opengl-mswc"
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.picom.wintypesRules for specific window types.
Type: attribute set
Default:
{
popup_menu = { opacity = config.services.picom.menuOpacity; };
dropdown_menu = { opacity = config.services.picom.menuOpacity; };
}
Example: { }
Declared by:
<nixpkgs/nixos/modules/services/x11/picom.nix>
|
services.pict-rs.enableWhether to enable pict-rs server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pict-rs.nix>
|
services.pict-rs.addressThe IPv4 address to deploy the service to.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pict-rs.nix>
|
services.pict-rs.dataDirThe directory where to store the uploaded images.
Type: path
Default: "/var/lib/pict-rs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pict-rs.nix>
|
services.pict-rs.portThe port which to bind the service to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/pict-rs.nix>
|
services.pinnwand.enableWhether to enable Pinnwand.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/pinnwand.nix>
|
services.pinnwand.portThe port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8000
Declared by:
<nixpkgs/nixos/modules/services/misc/pinnwand.nix>
|
services.pinnwand.settingsYour pinnwand.toml as a Nix attribute set. Look up
possible options in the documentation.
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/pinnwand.nix>
|
services.pinnwand.settings.database_uriDatabase URI compatible with [SQLAlchemyhttps://docs.sqlalchemy.org/en/14/core/engines.html#database-urls].
Additional packages may need to be introduced into the environment for certain databases.
Type: string
Default: "sqlite:////var/lib/pinnwand/pinnwand.db"
Example: "sqlite:///:memory"
Declared by:
<nixpkgs/nixos/modules/services/misc/pinnwand.nix>
|
services.pinnwand.settings.footerThe footer in raw HTML.
Type: string
Default:
'' View <a href="//github.com/supakeen/pinnwand" target="_BLANK">source code</a>, the <a href="/removal">removal</a> or <a href="/expiry">expiry</a> stories, or read the <a href="/about">about</a> page. ''
Declared by:
<nixpkgs/nixos/modules/services/misc/pinnwand.nix>
|
services.pinnwand.settings.paste_helpRaw HTML help text shown in the header area.
Type: string
Default:
'' <p>Welcome to pinnwand, this site is a pastebin. It allows you to share code with others. If you write code in the text area below and press the paste button you will be given a link you can share with others so they can view your code as well.</p><p>People with the link can view your pasted code, only you can remove your paste and it expires automatically. Note that anyone could guess the URI to your paste so don't rely on it being private.</p> ''
Declared by:
<nixpkgs/nixos/modules/services/misc/pinnwand.nix>
|
services.pinnwand.settings.paste_sizeMaximum size of a paste in bytes.
Type: positive integer, meaning >0
Default: 262144
Example: 524288
Declared by:
<nixpkgs/nixos/modules/services/misc/pinnwand.nix>
|
services.pipewire.enableWhether to enable pipewire service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
|
services.pipewire.packageThe pipewire derivation to use.
Type: package
Default: pkgs.pipewire
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
|
services.pipewire.alsa.enableWhether to enable ALSA support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
|
services.pipewire.alsa.support32BitWhether to enable 32-bit ALSA support on 64-bit systems.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
|
services.pipewire.audio.enableWhether to use PipeWire as the primary sound server
Type: boolean
Default: config.services.pipewire.alsa.enable || config.services.pipewire.jack.enable || config.services.pipewire.pulse.enable
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
|
services.pipewire.config.clientConfiguration for pipewire clients. For details see https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/0.3.63/src/daemon/client.conf.in
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
|
services.pipewire.config.client-rtConfiguration for realtime pipewire clients. For details see https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/0.3.63/src/daemon/client-rt.conf.in
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
|
services.pipewire.config.jackConfiguration for the pipewire daemon's jack module. For details see https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/0.3.63/src/daemon/jack.conf.in
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
|
services.pipewire.config.pipewireConfiguration for the pipewire daemon. For details see https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/0.3.63/src/daemon/pipewire.conf.in
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
|
services.pipewire.config.pipewire-pulseConfiguration for the pipewire-pulse daemon. For details see https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/0.3.63/src/daemon/pipewire-pulse.conf.in
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
|
services.pipewire.jack.enableWhether to enable JACK audio emulation.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
|
services.pipewire.media-session.enableWhether to enable the deprecated example Pipewire session manager
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire-media-session.nix>
|
services.pipewire.media-session.packageThe pipewire-media-session derivation to use.
Type: package
Default: pkgs.pipewire-media-session
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire-media-session.nix>
|
services.pipewire.media-session.config.alsa-monitorConfiguration for the alsa monitor. For details see https://gitlab.freedesktop.org/pipewire/media-session/-/blob/0.4.1/src/daemon/media-session.d/alsa-monitor.conf
Type: JSON value
Default:
{
properties = { };
rules = [
{
actions = {
update-props = {
"api.acp.auto-port" = false;
"api.acp.auto-profile" = false;
"api.alsa.use-acp" = true;
};
};
matches = [
{
"device.name" = "~alsa_card.*";
}
];
}
{
actions = {
update-props = {
"node.pause-on-idle" = false;
};
};
matches = [
{
"node.name" = "~alsa_input.*";
}
{
"node.name" = "~alsa_output.*";
}
];
}
];
}Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire-media-session.nix>
|
services.pipewire.media-session.config.bluez-monitorConfiguration for the bluez5 monitor. For details see https://gitlab.freedesktop.org/pipewire/media-session/-/blob/0.4.1/src/daemon/media-session.d/bluez-monitor.conf
Type: JSON value
Default:
{
properties = { };
rules = [
{
actions = {
update-props = {
"bluez5.auto-connect" = [
"hfp_hf"
"hsp_hs"
"a2dp_sink"
];
};
};
matches = [
{
"device.name" = "~bluez_card.*";
}
];
}
{
actions = {
update-props = {
"node.pause-on-idle" = false;
};
};
matches = [
{
"node.name" = "~bluez_input.*";
}
{
"node.name" = "~bluez_output.*";
}
];
}
];
}Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire-media-session.nix>
|
services.pipewire.media-session.config.media-sessionConfiguration for the media session core. For details see https://gitlab.freedesktop.org/pipewire/media-session/-/blob/0.4.1/src/daemon/media-session.d/media-session.conf
Type: JSON value
Default:
{
"context.modules" = [
{
args = { };
flags = [
"ifexists"
"nofail"
];
name = "libpipewire-module-rtkit";
}
{
name = "libpipewire-module-protocol-native";
}
{
name = "libpipewire-module-client-node";
}
{
name = "libpipewire-module-client-device";
}
{
name = "libpipewire-module-adapter";
}
{
name = "libpipewire-module-metadata";
}
{
name = "libpipewire-module-session-manager";
}
];
"context.properties" = { };
"context.spa-libs" = {
"api.alsa.*" = "alsa/libspa-alsa";
"api.bluez5.*" = "bluez5/libspa-bluez5";
"api.libcamera.*" = "libcamera/libspa-libcamera";
"api.v4l2.*" = "v4l2/libspa-v4l2";
};
"session.modules" = {
default = [
"flatpak"
"portal"
"v4l2"
"suspend-node"
"policy-node"
];
with-alsa = [
"with-audio"
];
with-audio = [
"metadata"
"default-nodes"
"default-profile"
"default-routes"
"alsa-seq"
"alsa-monitor"
];
with-jack = [
"with-audio"
];
with-pulseaudio = [
"with-audio"
"bluez5"
"bluez5-autoswitch"
"logind"
"restore-stream"
"streams-follow-default"
];
};
}Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire-media-session.nix>
|
services.pipewire.media-session.config.v4l2-monitorConfiguration for the V4L2 monitor. For details see https://gitlab.freedesktop.org/pipewire/media-session/-/blob/0.4.1/src/daemon/media-session.d/v4l2-monitor.conf
Type: JSON value
Default:
{
properties = { };
rules = [
{
actions = {
update-props = { };
};
matches = [
{
"device.name" = "~v4l2_device.*";
}
];
}
{
actions = {
update-props = {
"node.pause-on-idle" = false;
};
};
matches = [
{
"node.name" = "~v4l2_input.*";
}
{
"node.name" = "~v4l2_output.*";
}
];
}
];
}Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire-media-session.nix>
|
services.pipewire.pulse.enableWhether to enable PulseAudio server emulation.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
|
services.pipewire.socketActivationAutomatically run pipewire when connections are made to the pipewire socket.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
|
services.pipewire.systemWideIf true, a system-wide PipeWire service and socket is enabled allowing all users in the "pipewire" group to use it simultaneously. If false, then user units are used instead, restricting access to only one user.
Enabling system-wide PipeWire is however not recommended and disabled by default according to https://github.com/PipeWire/pipewire/blob/master/NEWS
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/pipewire.nix>
|
services.pipewire.wireplumber.enableWhether to enable Wireplumber, a modular session / policy manager for PipeWire
Type: boolean
Default: config.services.pipewire.enable
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/wireplumber.nix>
|
services.pipewire.wireplumber.packageThe wireplumber derivation to use.
Type: package
Default: pkgs.wireplumber
Declared by:
<nixpkgs/nixos/modules/services/desktops/pipewire/wireplumber.nix>
|
services.pixiecore.enableWhether to enable Pixiecore.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
|
services.pixiecore.apiServerhost:port to connect to the API. Ignored unless mode is set to 'api'
Type: string
Example: "localhost:8080"
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
|
services.pixiecore.cmdLineKernel commandline arguments. Ignored unless mode is set to 'boot'
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
|
services.pixiecore.debugLog more things that aren't directly related to booting a recognized client
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
|
services.pixiecore.dhcpNoBindHandle DHCP traffic without binding to the DHCP server port
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
|
services.pixiecore.extraArgumentsAdditional command line arguments to pass to Pixiecore
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
|
services.pixiecore.initrdInitrd path. Ignored unless mode is set to 'boot'
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
|
services.pixiecore.kernelKernel path. Ignored unless mode is set to 'boot'
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
|
services.pixiecore.listenIPv4 address to listen on
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
|
services.pixiecore.modeWhich mode to use
Type: one of "api", "boot"
Default: "boot"
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
|
services.pixiecore.openFirewallOpen ports (67, 69 UDP and 4011, 'port', 'statusPort' TCP) in the firewall for Pixiecore.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
|
services.pixiecore.portPort to listen on for HTTP
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
|
services.pixiecore.statusPortHTTP port for status information (can be the same as --port)
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/networking/pixiecore.nix>
|
services.plantuml-server.enableWhether to enable PlantUML server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
|
services.plantuml-server.packagePlantUML server package to use
Type: package
Default: pkgs.plantuml-server
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
|
services.plantuml-server.packages.jdkJDK package to use for the server
Type: package
Default: pkgs.jdk
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
|
services.plantuml-server.packages.jettyJetty package to use for the server
Type: package
Default: pkgs.jetty
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
|
services.plantuml-server.allowPlantumlIncludeEnables !include processing which can read files from the server into diagrams. Files are read relative to the current working directory.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
|
services.plantuml-server.graphvizPackagePackage containing the dot executable.
Type: package
Default: pkgs.graphviz
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
|
services.plantuml-server.groupGroup which runs PlantUML server.
Type: string
Default: "plantuml"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
|
services.plantuml-server.homeHome directory of the PlantUML server instance.
Type: string
Default: "/var/lib/plantuml"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
|
services.plantuml-server.httpAuthorizationWhen calling the proxy endpoint, the value of HTTP_AUTHORIZATION will be used to set the HTTP Authorization header.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
|
services.plantuml-server.listenHostHost to listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
|
services.plantuml-server.listenPortPort to listen on.
Type: signed integer
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
|
services.plantuml-server.plantumlLimitSizeLimits image width and height.
Type: signed integer
Default: 4096
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
|
services.plantuml-server.plantumlStatsSet it to on to enable statistics report (https://plantuml.com/statistics-report).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
|
services.plantuml-server.userUser which runs PlantUML server.
Type: string
Default: "plantuml"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plantuml-server.nix>
|
services.plausible.enableWhether to enable plausible.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.adminUser.activateWhether to enable activating the freshly created admin-user.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.adminUser.emailEmail-address of the admin-user.
Type: string
Example: "admin@localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.adminUser.nameName of the admin user that plausible will created on initial startup.
Type: string
Default: "admin"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.adminUser.passwordFilePath to the file which contains the password of the admin user.
Type: string or path
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.database.clickhouse.setupWhether to enable creating a clickhouse instance.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.database.clickhouse.urlThe URL to be used to connect to clickhouse.
Type: string
Default: "http://localhost:8123/default"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.database.postgres.dbnameName of the database to use.
Type: string
Default: "plausible"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.database.postgres.setupWhether to enable creating a postgresql instance.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.database.postgres.socketPath to the UNIX domain-socket to communicate with postgres.
Type: string
Default: "/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.mail.emailThe email id to use for as from address of all communications from Plausible.
Type: string
Default: "hello@plausible.local"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.mail.smtp.enableSSLWhether to enable SSL when connecting to the SMTP server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.mail.smtp.hostAddrThe host address of your smtp server.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.mail.smtp.hostPortThe port of your smtp server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 25
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.mail.smtp.passwordFileThe path to the file with the password in case SMTP auth is enabled.
Type: null or string or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.mail.smtp.retriesNumber of retries to make until mailer gives up.
Type: unsigned integer, meaning >=0
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.mail.smtp.userThe username/email in case SMTP auth is enabled.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.releaseCookiePathThe path to the file with release cookie. (used for remote connection to the running node).
Type: string or path
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.server.baseUrlPublic URL where plausible is available.
Note that /path components are currently ignored:
https://github.com/plausible/analytics/issues/1182
.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.server.disableRegistrationWhether to prohibit creating an account in plausible's UI.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.server.portPort where the service should be available.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.plausible.server.secretKeybaseFilePath to the secret used by the phoenix-framework. Instructions
how to generate one are documented in the
framework docs.
Type: path or string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/plausible.nix>
|
services.pleroma.enableWhether to enable pleroma.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/pleroma.nix>
|
services.pleroma.packagePleroma package to use.
Type: package
Default: pkgs.pleroma
Declared by:
<nixpkgs/nixos/modules/services/networking/pleroma.nix>
|
services.pleroma.configsPleroma public configuration.
This list gets appended from left to right into /etc/pleroma/config.exs. Elixir evaluates its configuration imperatively, meaning you can override a setting by appending a new str to this NixOS option list.
DO NOT STORE ANY PLEROMA SECRET HERE, use services.pleroma.secretConfigFile instead.
This setting is going to be stored in a file part of the Nix store. The Nix store being world-readable, it's not the right place to store any secret
Have a look to Pleroma section in the NixOS manual for more information.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/networking/pleroma.nix>
|
services.pleroma.groupGroup account under which pleroma runs.
Type: string
Default: "pleroma"
Declared by:
<nixpkgs/nixos/modules/services/networking/pleroma.nix>
|
services.pleroma.secretConfigFilePath to the file containing your secret pleroma configuration.
DO NOT POINT THIS OPTION TO THE NIX STORE, the store being world-readable, it'll compromise all your secrets.
Type: string
Default: "/var/lib/pleroma/secrets.exs"
Declared by:
<nixpkgs/nixos/modules/services/networking/pleroma.nix>
|
services.pleroma.stateDirDirectory where the pleroma service will save the uploads and static files.
Type: string (read only)
Default: "/var/lib/pleroma"
Declared by:
<nixpkgs/nixos/modules/services/networking/pleroma.nix>
|
services.pleroma.userUser account under which pleroma runs.
Type: string
Default: "pleroma"
Declared by:
<nixpkgs/nixos/modules/services/networking/pleroma.nix>
|
services.plex.enableWhether to enable Plex Media Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
|
services.plex.packageThe Plex package to use. Plex subscribers may wish to use their own package here, pointing to subscriber-only server versions.
Type: package
Default: pkgs.plex
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
|
services.plex.dataDirThe directory where Plex stores its data files.
Type: string
Default: "/var/lib/plex"
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
|
services.plex.extraPluginsA list of paths to extra plugin bundles to install in Plex's plugin directory. Every time the systemd unit for Plex starts up, all of the symlinks in Plex's plugin directory will be cleared and this module will symlink all of the paths specified here to that directory.
Type: list of path
Default: [ ]
Example:
[
(builtins.path {
name = "Audnexus.bundle";
path = pkgs.fetchFromGitHub {
owner = "djdembeck";
repo = "Audnexus.bundle";
rev = "v0.2.8";
sha256 = "sha256-IWOSz3vYL7zhdHan468xNc6C/eQ2C2BukQlaJNLXh7E=";
};
})
]
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
|
services.plex.extraScannersA list of paths to extra scanners to install in Plex's scanners directory.
Every time the systemd unit for Plex starts up, all of the symlinks in Plex's scanners directory will be cleared and this module will symlink all of the paths specified here to that directory.
Type: list of path
Default: [ ]
Example:
[
(fetchFromGitHub {
owner = "ZeroQI";
repo = "Absolute-Series-Scanner";
rev = "773a39f502a1204b0b0255903cee4ed02c46fde0";
sha256 = "4l+vpiDdC8L/EeJowUgYyB3JPNTZ1sauN8liFAcK+PY=";
})
]
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
|
services.plex.groupGroup under which Plex runs.
Type: string
Default: "plex"
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
|
services.plex.openFirewallOpen ports in the firewall for the media server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
|
services.plex.userUser account under which Plex runs.
Type: string
Default: "plex"
Declared by:
<nixpkgs/nixos/modules/services/misc/plex.nix>
|
services.plikd.enableWhether to enable the plikd server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/plikd.nix>
|
services.plikd.openFirewallOpen ports in the firewall for the plikd.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/plikd.nix>
|
services.plikd.settingsConfiguration for plikd, see https://github.com/root-gg/plik/blob/master/server/plikd.cfg for supported values.
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/plikd.nix>
|
services.podgrab.enableWhether to enable Podgrab, a self-hosted podcast manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/podgrab.nix>
|
services.podgrab.passwordFileThe path to a file containing the PASSWORD environment variable definition for Podgrab's authentication.
Type: null or string
Default: null
Example: "/run/secrets/password.env"
Declared by:
<nixpkgs/nixos/modules/services/misc/podgrab.nix>
|
services.podgrab.portThe port on which Podgrab will listen for incoming HTTP traffic.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Example: 4242
Declared by:
<nixpkgs/nixos/modules/services/misc/podgrab.nix>
|
services.polaris.enableWhether to enable Polaris Music Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/polaris.nix>
|
services.polaris.packageThe polaris package to use.
Type: package
Default: pkgs.polaris
Declared by:
<nixpkgs/nixos/modules/services/misc/polaris.nix>
|
services.polaris.extraGroupsPolaris' auxiliary groups.
Type: list of string
Default: [ ]
Example: ["media" "music"]
Declared by:
<nixpkgs/nixos/modules/services/misc/polaris.nix>
|
services.polaris.groupGroup under which Polaris is run.
Type: string
Default: "polaris"
Declared by:
<nixpkgs/nixos/modules/services/misc/polaris.nix>
|
services.polaris.openFirewallOpen the configured port in the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/polaris.nix>
|
services.polaris.portThe port which the Polaris REST api and web UI should listen to. Note: polaris is hardcoded to listen to the hostname "0.0.0.0".
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5050
Declared by:
<nixpkgs/nixos/modules/services/misc/polaris.nix>
|
services.polaris.settingsContents for the TOML Polaris config, applied each start. Although poorly documented, an example may be found here: test-config.toml
Type: TOML value
Default: { }
Example:
{
settings.reindex_every_n_seconds = 7*24*60*60; # weekly, default is 1800
settings.album_art_pattern =
"(cover|front|folder)\.(jpeg|jpg|png|bmp|gif)";
mount_dirs = [
{
name = "NAS";
source = "/mnt/nas/music";
}
{
name = "Local";
source = "/home/my_user/Music";
}
];
}
Declared by:
<nixpkgs/nixos/modules/services/misc/polaris.nix>
|
services.polaris.userUser account under which Polaris runs.
Type: string
Default: "polaris"
Declared by:
<nixpkgs/nixos/modules/services/misc/polaris.nix>
|
services.polipo.enableWhether to enable polipo caching web proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
|
services.polipo.allowedClientsList of IP addresses or network addresses that may connect to Polipo.
Type: list of string
Default:
[ "127.0.0.1" "::1" ]
Example:
[ "127.0.0.1" "::1" "134.157.168.0/24" "2001:660:116::/48" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
|
services.polipo.extraConfigPolio configuration. Contents will be added verbatim to the configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
|
services.polipo.parentProxyHostname and port number of an HTTP parent proxy; it should have the form ‘host:port’.
Type: string
Default: ""
Example: "localhost:8124"
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
|
services.polipo.proxyAddressIP address on which Polipo will listen.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
|
services.polipo.proxyPortTCP port on which Polipo will listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8123
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
|
services.polipo.socksParentProxyHostname and port number of an SOCKS parent proxy; it should have the form ‘host:port’.
Type: string
Default: ""
Example: "localhost:9050"
Declared by:
<nixpkgs/nixos/modules/services/networking/polipo.nix>
|
services.pomerium.enableWhether to enable the Pomerium authenticating reverse proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/pomerium.nix>
|
services.pomerium.configFilePath to Pomerium config YAML. If set, overrides services.pomerium.settings.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/pomerium.nix>
|
services.pomerium.secretsFilePath to file containing secrets for Pomerium, in systemd EnvironmentFile format. See the systemd.exec(5) man page.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/pomerium.nix>
|
services.pomerium.settingsThe contents of Pomerium's config.yaml, in Nix expressions.
Specifying configFile will override this in its entirety.
See the Pomerium configuration reference for more information about what to put here.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/pomerium.nix>
|
services.pomerium.useACMEHostIf set, use a NixOS-generated ACME certificate with the specified name.
Note that this will require you to use a non-HTTP-based challenge, or disable Pomerium's in-built HTTP redirect server by setting http_redirect_addr to null and use a different HTTP server for serving the challenge response.
If you're using an HTTP-based challenge, you should use the Pomerium-native autocert option instead.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/pomerium.nix>
|
services.portunus.enableWhether to enable Portunus, a self-contained user/group management and authentication service for LDAP.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.packageThe Portunus package to use.
Type: package
Default: pkgs.portunus
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.dex.enableWhether to enable Dex ldap connector.
To activate dex, first a search user must be created in the Portunus web ui
and then the password must to be set as the DEX_SEARCH_USER_PASSWORD environment variable
in the services.dex.environmentFile setting.
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.dex.oidcClientsList of OIDC clients.
The OIDC secret must be set as the DEX_CLIENT_${id} environment variable
in the services.dex.environmentFile setting.
Type: list of (submodule)
Default: [ ]
Example:
[
{
callbackURL = "https://example.com/client/oidc/callback";
id = "service";
}
]Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.dex.oidcClients.*.callbackURLURL where the OIDC client should redirect
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.dex.oidcClients.*.idID of the OIDC client
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.dex.portPort where dex should listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5556
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.domainSubdomain which gets reverse proxied to Portunus webserver.
Type: string
Example: "sso.example.com"
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.groupGroup account under which Portunus runs its webserver.
Type: string
Default: "portunus"
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.ldap.packageThe OpenLDAP package to use.
Type: package
Default: pkgs.openldap
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.ldap.groupGroup account under which Portunus runs its LDAP server.
Type: string
Default: "openldap"
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.ldap.searchUserNameThe login name of the search user. This user account must be configured in Portunus either manually or via seeding.
Type: string
Default: ""
Example: "admin"
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.ldap.suffixThe DN of the topmost entry in your LDAP directory. Please refer to the Portunus documentation for more information on how this impacts the structure of the LDAP directory.
Type: string
Example: "dc=example,dc=org"
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.ldap.tlsWhether to enable LDAPS protocol.
This also adds two entries to the /etc/hosts file to point services.portunus.domain to localhost,
so that CLIs and programs can use ldaps protocol and verify the certificate without opening the firewall port for the protocol.
This requires a TLS certificate for services.portunus.domain to be configured via security.acme.certs.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.ldap.userUser account under which Portunus runs its LDAP server.
Type: string
Default: "openldap"
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.portPort where the Portunus webserver should listen on.
This must be put behind a TLS-capable reverse proxy because Portunus only listens on localhost.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.seedPathPath to a portunus seed file in json format. See https://github.com/majewsky/portunus#seeding-users-and-groups-from-static-configuration for available options.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.stateDirPath where Portunus stores its state.
Type: path
Default: "/var/lib/portunus"
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.portunus.userUser account under which Portunus runs its webserver.
Type: string
Default: "portunus"
Declared by:
<nixpkgs/nixos/modules/services/misc/portunus.nix>
|
services.postfix.enableWhether to run the Postfix mail server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.enableHeaderChecksWhether to enable postfix header checks
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.enableSmtpWhether to enable smtp in master.cf.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.enableSubmissionWhether to enable smtp submission.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.enableSubmissionsWhether to enable smtp submission via smtps.
According to RFC 8314 this should be preferred over STARTTLS for submission of messages by end user clients.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.aliasFilesAliases' tables to be compiled and placed into /var/lib/postfix/conf.
Type: attribute set of path
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.aliasMapTypeThe format the alias map should have. Use regexp if you want to use regular expressions.
Type: one of "hash", "regexp", "pcre"
Default: "hash"
Example: "regexp"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.canonicalEntries for the canonical(5) table.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.configThe main.cf configuration file as key value set.
Type: attribute set of (boolean or string or list of string)
Example:
{
mail_owner = "postfix";
smtp_tls_security_level = "may";
}Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.destinationFull (!) list of domains we deliver locally. Leave blank for acceptable Postfix default.
Type: null or (list of string)
Default: null
Example:
[ "localhost" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.dnsBlacklistOverridescontents of check_client_access for overriding dnsBlacklists
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.dnsBlacklistsdns blacklist servers to use with smtpd_client_restrictions
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.domainDomain to use. Leave blank to use hostname minus first component.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.extraAliasesAdditional entries to put verbatim into aliases file, cf. man-page aliases(8).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.extraConfigExtra lines to be added verbatim to the main.cf configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.extraHeaderChecksExtra lines to /etc/postfix/header_checks file.
Type: strings concatenated with "\n"
Default: ""
Example: "/^X-Spam-Flag:/ REDIRECT spam@example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.extraMasterConfExtra lines to append to the generated master.cf file.
Type: strings concatenated with "\n"
Default: ""
Example: "submission inet n - n - - smtpd"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.groupWhat to call the Postfix group (must be used only for postfix).
Type: string
Default: "postfix"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.headerChecksPostfix header checks.
Type: list of (submodule)
Default: [ ]
Example:
[
{
action = "REDIRECT spam@example.com";
pattern = "/^X-Spam-Flag:/";
}
]Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.headerChecks.*.actionThe action to be executed when the pattern is matched
Type: string
Default: "DUNNO"
Example: "BCC mail@example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.headerChecks.*.patternA regexp pattern matching the header
Type: string
Default: "/^.*/"
Example: "/^X-Mailer:/"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.hostnameHostname to use. Leave blank to use just the hostname of machine. It should be FQDN.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.localRecipientsList of accepted local users. Specify a bare username, an
"@domain.tld" wild-card, or a complete
"user@domain.tld" address. If set, these names end
up in the local recipient map -- see the local(8) man-page -- and
effectively replace the system user database lookup that's otherwise
used by default.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.lookupMXWhether relay specified is just domain whose MX must be used.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.mapFilesMaps to be compiled and placed into /var/lib/postfix/conf.
Type: attribute set of path
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfigAn attribute set of service options, which correspond to the service
definitions usually done within the Postfix
master.cf file.
Type: attribute set of (submodule)
Default: { }
Example:
{
submission = {
args = [
"-o"
"smtpd_tls_security_level=encrypt"
];
type = "inet";
};
}Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.argsArguments to pass to the command. There is no shell
processing involved and shell syntax is passed verbatim to the
process.
Type: list of string
Default: [ ]
Example:
[ "-o" "smtp_helo_timeout=5" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.chrootWhether the service is chrooted to have only access to the
services.postfix.queueDir and the closure of
store paths specified by the program option.
Type: boolean
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.commandA program name specifying a Postfix service/daemon process.
By default it's the attribute name.
Type: string
Default: "‹name›"
Example: "smtpd"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.maxprocThe maximum number of processes to spawn for this service. If the
value is 0 it doesn't have any limit. If
null is given it uses the postfix default of
100.
Type: signed integer
Example: 1
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.nameThe name of the service to run. Defaults to the attribute set key.
Type: string
Default: "‹name›"
Example: "smtp"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.privateWhether the service's sockets and storage directory is restricted to
be only available via the mail system. If null is
given it uses the postfix default true.
Type: boolean
Example: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.privileged
Type: boolean
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.typeThe type of the service
Type: one of "inet", "unix", "unix-dgram", "fifo", "pass"
Default: "unix"
Example: "inet"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.wakeupAutomatically wake up the service after the specified number of
seconds. If 0 is given, never wake the service
up.
Type: signed integer
Example: 60
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.masterConfig.<name>.wakeupUnusedComponentIf set to false the component will only be woken
up if it is used. This is equivalent to postfix' notion of adding a
question mark behind the wakeup time in
master.cf
Type: boolean
Example: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.networksNet masks for trusted - allowed to relay mail to third parties - hosts. Leave empty to use mynetworks_style configuration or use default (localhost-only).
Type: null or (list of string)
Default: null
Example:
[ "192.168.0.1/24" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.networksStyleName of standard way of trusted network specification to use, leave blank if you specify it explicitly or if you want to use default (localhost-only).
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.originOrigin to use in outgoing e-mail. Leave blank to use hostname.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.postmasterAliasWho should receive postmaster e-mail. Multiple values can be added by separating values with comma.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.recipientDelimiterDelimiter for address extension: so mail to user+test can be handled by ~user/.forward+test
Type: string
Default: ""
Example: "+"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.relayDomainsList of domains we agree to relay to. Default is empty.
Type: null or (list of string)
Default: null
Example:
[ "localdomain" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.relayHostMail relay for outbound mail.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.relayPortSMTP port for relay mail relay.
Type: signed integer
Default: 25
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.rootAliasWho should receive root e-mail. Blank for no redirection. Multiple values can be added by separating values with comma.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.setSendmailWhether to set the system sendmail to postfix's.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.setgidGroupHow to call postfix setgid group (for postdrop). Should be uniquely used group.
Type: string
Default: "postdrop"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.sslCertSSL certificate to use.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.sslKeySSL key to use.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.submissionOptionsOptions for the submission config in master.cf
Type: attribute set of string
Default:
{
milter_macro_daemon_name = "ORIGINATING";
smtpd_client_restrictions = "permit_sasl_authenticated,reject";
smtpd_sasl_auth_enable = "yes";
smtpd_tls_security_level = "encrypt";
}Example:
{
milter_macro_daemon_name = "ORIGINATING";
smtpd_client_restrictions = "permit_sasl_authenticated,reject";
smtpd_sasl_auth_enable = "yes";
smtpd_sasl_type = "dovecot";
smtpd_tls_security_level = "encrypt";
}Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.submissionsOptionsOptions for the submission config via smtps in master.cf.
smtpd_tls_security_level will be set to encrypt, if it is missing or has one of the values "may" or "none".
smtpd_tls_wrappermode with value "yes" will be added automatically.
Type: attribute set of string
Default:
{
milter_macro_daemon_name = "ORIGINATING";
smtpd_client_restrictions = "permit_sasl_authenticated,reject";
smtpd_sasl_auth_enable = "yes";
}Example:
{
milter_macro_daemon_name = "ORIGINATING";
smtpd_client_restrictions = "permit_sasl_authenticated,reject";
smtpd_sasl_auth_enable = "yes";
smtpd_sasl_type = "dovecot";
}Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.tlsTrustedAuthoritiesFile containing trusted certification authorities (CA) to verify certificates of mailservers contacted for mail delivery. This basically sets smtp_tls_CAfile and enables opportunistic tls. Defaults to NixOS trusted certification authorities.
Type: string
Default: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.transportEntries for the transport map, cf. man-page transport(8).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.useSrsWhether to enable sender rewriting scheme
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.userWhat to call the Postfix user (must be used only for postfix).
Type: string
Default: "postfix"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.virtualEntries for the virtual alias map, cf. man-page virtual(5).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfix.virtualMapTypeWhat type of virtual alias map file to use. Use "regexp" for regular expressions.
Type: one of "hash", "regexp", "pcre"
Default: "hash"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfix.nix>
|
services.postfixadmin.enableWhether to enable postfixadmin.
Also enables nginx virtual host management.
Further nginx configuration can be done by adapting services.nginx.virtualHosts.<name>.
See services.nginx.virtualHosts for further information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
|
services.postfixadmin.adminEmailDefines the Site Admin's email address. This will be used to send emails from to create mailboxes and from Send Email / Broadcast message pages.
Type: string
Example: "postmaster@example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
|
services.postfixadmin.database.dbnameName of the postgresql database
Type: string
Default: "postfixadmin"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
|
services.postfixadmin.database.hostHost of the postgresql server. If this is not set to
localhost, you have to create the
postgresql user and database yourself, with appropriate
permissions.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
|
services.postfixadmin.database.passwordFilePassword file for the postgresql connection. Must be readable by user nginx.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
|
services.postfixadmin.database.usernameUsername for the postgresql connection.
If database.host is set to localhost, a unix user and group of the same name will be created as well.
Type: string
Default: "postfixadmin"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
|
services.postfixadmin.extraConfigExtra configuration for the postfixadmin instance, see postfixadmin's config.inc.php for available options.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
|
services.postfixadmin.hostNameHostname to use for the nginx vhost
Type: string
Example: "postfixadmin.example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
|
services.postfixadmin.setupPasswordFilePassword file for the admin.
Generate with php -r "echo password_hash('some password here', PASSWORD_DEFAULT);"
Type: path
Declared by:
<nixpkgs/nixos/modules/services/mail/postfixadmin.nix>
|
services.postgresql.enableWhether to enable PostgreSQL Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.enableTCPIPWhether PostgreSQL should listen on all network interfaces. If disabled, the database can only be accessed via its Unix domain socket or via TCP connections to localhost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.packagePostgreSQL package to use.
Type: package
Example: pkgs.postgresql_11
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.authenticationDefines how users authenticate themselves to the server. See the
PostgreSQL documentation for pg_hba.conf
for details on the expected format of this option. By default,
peer based authentication will be used for users connecting
via the Unix socket, and md5 password authentication will be
used for users connecting via TCP. Any added rules will be
inserted above the default rules. If you'd like to replace the
default rules entirely, you can use lib.mkForce in your
module.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.checkConfigCheck the syntax of the configuration file at compile time
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.dataDirThe data directory for PostgreSQL. If left as the default value this directory will automatically be created before the PostgreSQL server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Example: "/var/lib/postgresql/11"
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.ensureDatabasesEnsures that the specified databases exist. This option will never delete existing databases, especially not when the value of this option is changed. This means that databases created once through this option or otherwise have to be removed manually.
Type: list of string
Default: [ ]
Example:
[ "gitea" "nextcloud" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.ensureUsersEnsures that the specified users exist and have at least the ensured permissions. The PostgreSQL users will be identified using peer authentication. This authenticates the Unix user with the same name only, and that without the need for a password. This option will never delete existing users or remove permissions, especially not when the value of this option is changed. This means that users created and permissions assigned once through this option or otherwise have to be removed manually.
Type: list of (submodule)
Default: [ ]
Example:
[
{
name = "nextcloud";
ensurePermissions = {
"DATABASE nextcloud" = "ALL PRIVILEGES";
};
}
{
name = "superuser";
ensurePermissions = {
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
]
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.ensureUsers.*.ensureClausesAn attrset of clauses to grant to the user. Under the hood this uses the
ALTER USER syntax for each attrName where
the attrValue is true in the attrSet:
ALTER USER user.name WITH attrName
Type: submodule
Default: The default, null, means that the user created will have the default permissions assigned by PostgreSQL. Subsequent server starts will not set or unset the clause, so imperative changes are preserved.
Example:
{
superuser = true;
createrole = true;
createdb = true;
}
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.ensureUsers.*.ensureClauses.bypassrlsGrants the user, created by the ensureUser attr, replication permissions. From the postgres docs:
A role must be explicitly given permission to bypass every row-level security (RLS) policy (except for superusers, since those bypass all permission checks). To create such a role, use CREATE ROLE name BYPASSRLS as a superuser.
More information on postgres roles can be found here
Type: null or boolean
Default: null: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.ensureUsers.*.ensureClauses.createdbGrants the user, created by the ensureUser attr, createdb permissions. From the postgres docs:
A role must be explicitly given permission to create databases (except for superusers, since those bypass all permission checks). To create such a role, use CREATE ROLE name CREATEDB.
More information on postgres roles can be found here
Type: null or boolean
Default: null: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.ensureUsers.*.ensureClauses.createroleGrants the user, created by the ensureUser attr, createrole permissions. From the postgres docs:
A role must be explicitly given permission to create more roles (except for superusers, since those bypass all permission checks). To create such a role, use CREATE ROLE name CREATEROLE. A role with CREATEROLE privilege can alter and drop other roles, too, as well as grant or revoke membership in them. However, to create, alter, drop, or change membership of a superuser role, superuser status is required; CREATEROLE is insufficient for that.
More information on postgres roles can be found here
Type: null or boolean
Default: null: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.ensureUsers.*.ensureClauses.inheritGrants the user created inherit permissions. From the postgres docs:
A role is given permission to inherit the privileges of roles it is a member of, by default. However, to create a role without the permission, use CREATE ROLE name NOINHERIT.
More information on postgres roles can be found here
Type: null or boolean
Default: null: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.ensureUsers.*.ensureClauses.loginGrants the user, created by the ensureUser attr, login permissions. From the postgres docs:
Only roles that have the LOGIN attribute can be used as the initial role name for a database connection. A role with the LOGIN attribute can be considered the same as a “database user”. To create a role with login privilege, use either:
CREATE ROLE name LOGIN; CREATE USER name;
(CREATE USER is equivalent to CREATE ROLE except that CREATE USER includes LOGIN by default, while CREATE ROLE does not.)
More information on postgres roles can be found here
Type: null or boolean
Default: null: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.ensureUsers.*.ensureClauses.replicationGrants the user, created by the ensureUser attr, replication permissions. From the postgres docs:
A role must explicitly be given permission to initiate streaming replication (except for superusers, since those bypass all permission checks). A role used for streaming replication must have LOGIN permission as well. To create such a role, use CREATE ROLE name REPLICATION LOGIN.
More information on postgres roles can be found here
Type: null or boolean
Default: null: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.ensureUsers.*.ensureClauses.superuserGrants the user, created by the ensureUser attr, superuser permissions. From the postgres docs:
A database superuser bypasses all permission checks, except the right to log in. This is a dangerous privilege and should not be used carelessly; it is best to do most of your work as a role that is not a superuser. To create a new database superuser, use CREATE ROLE name SUPERUSER. You must do this as a role that is already a superuser.
More information on postgres roles can be found here
Type: null or boolean
Default: null: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.ensureUsers.*.ensurePermissionsPermissions to ensure for the user, specified as an attribute set. The attribute names specify the database and tables to grant the permissions for. The attribute values specify the permissions to grant. You may specify one or multiple comma-separated SQL privileges here.
For more information on how to specify the target
and on which privileges exist, see the
GRANT syntax.
The attributes are used as GRANT ${attrValue} ON ${attrName}.
Type: attribute set of string
Default: { }
Example:
{
"DATABASE \"nextcloud\"" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
}
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.ensureUsers.*.nameName of the user to ensure.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.extraPluginsList of PostgreSQL plugins. PostgreSQL version for each plugin should
match version for services.postgresql.package value.
Type: list of path
Default: [ ]
Example: with pkgs.postgresql_11.pkgs; [ postgis pg_repack ]
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.identMapDefines the mapping from system users to database users.
The general form is:
map-name system-username database-username
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.initdbArgsAdditional arguments passed to initdb during data dir
initialisation.
Type: list of string
Default: [ ]
Example:
[ "--data-checksums" "--allow-group-access" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.initialScriptA file containing SQL statements to execute on first startup.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.logLinePrefixA printf-style string that is output at the beginning of each log line.
Upstream default is '%m [%p] ', i.e. it includes the timestamp. We do
not include the timestamp, because journal has it anyway.
Type: string
Default: "[%p] "
Example: "%m [%p] "
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.portThe port on which PostgreSQL listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5432
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.recoveryConfigContents of the recovery.conf file.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresql.settingsPostgreSQL configuration. Refer to
https://www.postgresql.org/docs/11/config-setting.html#CONFIG-SETTING-CONFIGURATION-FILE
for an overview of postgresql.conf.
String values will automatically be enclosed in single quotes. Single quotes will be escaped with two single quotes as described by the upstream documentation linked above.
Type: attribute set of (boolean or floating point number or signed integer or string)
Default: { }
Example:
{
log_connections = true;
log_statement = "all";
logging_collector = true
log_disconnections = true
log_destination = lib.mkForce "syslog";
}
Declared by:
<nixpkgs/nixos/modules/services/databases/postgresql.nix>
|
services.postgresqlBackup.enableWhether to enable PostgreSQL dumps.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
|
services.postgresqlBackup.backupAllBackup all databases using pg_dumpall.
This option is mutual exclusive to
services.postgresqlBackup.databases.
The resulting backup dump will have the name all.sql.gz.
This option is the default if no databases are specified.
Type: boolean
Default: services.postgresqlBackup.databases == []
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
|
services.postgresqlBackup.compressionThe type of compression to use on the generated database dump.
Type: one of "none", "gzip", "zstd"
Default: "gzip"
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
|
services.postgresqlBackup.compressionLevelThe compression level used when compression is enabled. gzip accepts levels 1 to 9. zstd accepts levels 1 to 19.
Type: integer between 1 and 19 (both inclusive)
Default: 6
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
|
services.postgresqlBackup.databasesList of database names to dump.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
|
services.postgresqlBackup.locationPath of directory where the PostgreSQL database dumps will be placed.
Type: path
Default: "/var/backup/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
|
services.postgresqlBackup.pgdumpOptionsCommand line options for pg_dump. This options is not used
if config.services.postgresqlBackup.backupAll is enabled.
Note that config.services.postgresqlBackup.backupAll is also active,
when no databases where specified.
Type: strings concatenated with " "
Default: "-C"
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
|
services.postgresqlBackup.startAtThis option defines (see systemd.time for format) when the
databases should be dumped.
The default is to update at 01:15 (at night) every day.
Type: (list of string) or string
Default: "*-*-* 01:15:00"
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-backup.nix>
|
services.postgresqlWalReceiver.receiversPostgreSQL WAL receivers. Stream write-ahead logs from a PostgreSQL server using pg_receivewal (formerly pg_receivexlog). See the man page for more information.
Type: attribute set of (submodule)
Default: { }
Example:
{
main = {
postgresqlPackage = pkgs.postgresql_11;
directory = /mnt/pg_wal/main/;
slot = "main_wal_receiver";
connection = "postgresql://user@somehost";
};
}
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
|
services.postgresqlWalReceiver.receivers.<name>.compressEnables gzip compression of write-ahead logs, and specifies the compression level
(0 through 9, 0 being no compression and 9 being best compression).
The suffix .gz will automatically be added to all filenames.
This option requires PostgreSQL >= 10.
Type: integer between 0 and 9 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
|
services.postgresqlWalReceiver.receivers.<name>.connectionSpecifies parameters used to connect to the server, as a connection string. See Section 34.1.1 of the PostgreSQL manual for more information.
Because pg_receivewal doesn't connect to any particular database in the cluster, database name in the connection string will be ignored.
Type: string
Example: "postgresql://user@somehost"
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
|
services.postgresqlWalReceiver.receivers.<name>.directoryDirectory to write the output to.
Type: path
Example: /mnt/pg_wal/main/
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
|
services.postgresqlWalReceiver.receivers.<name>.environmentEnvironment variables passed to the service. Usable parameters are listed in Section 34.14 of the PostgreSQL manual.
Type: attribute set of string
Default: { }
Example:
{
PGPASSFILE = "/private/passfile";
PGSSLMODE = "require";
}
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
|
services.postgresqlWalReceiver.receivers.<name>.extraArgsA list of extra arguments to pass to the pg_receivewal command.
Type: list of string
Default: [ ]
Example:
[ "--no-sync" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
|
services.postgresqlWalReceiver.receivers.<name>.postgresqlPackagePostgreSQL package to use.
Type: package
Example: pkgs.postgresql_11
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
|
services.postgresqlWalReceiver.receivers.<name>.slotRequire pg_receivewal to use an existing replication slot (see Section 26.2.6 of the PostgreSQL manual). When this option is used, pg_receivewal will report a flush position to the server, indicating when each segment has been synchronized to disk so that the server can remove that segment if it is not otherwise needed.
When the replication client of pg_receivewal is configured on the server as a synchronous standby,
then using a replication slot will report the flush position to the server, but only when a WAL file is closed.
Therefore, that configuration will cause transactions on the primary to wait for a long time and effectively not work satisfactorily.
The option synchronous must be specified in addition to make this work correctly.
Type: string
Default: ""
Example: "some_slot_name"
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
|
services.postgresqlWalReceiver.receivers.<name>.statusIntervalSpecifies the number of seconds between status packets sent back to the server. This allows for easier monitoring of the progress from server. A value of zero disables the periodic status updates completely, although an update will still be sent when requested by the server, to avoid timeout disconnect.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
|
services.postgresqlWalReceiver.receivers.<name>.synchronousFlush the WAL data to disk immediately after it has been received.
Also send a status packet back to the server immediately after flushing, regardless of statusInterval.
This option should be specified if the replication client of pg_receivewal is configured on the server as a synchronous standby, to ensure that timely feedback is sent to the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/postgresql-wal-receiver.nix>
|
services.postgrey.enableWhether to run the Postgrey daemon
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.IPv4CIDRStrip N bits from IPv4 addresses if lookupBySubnet is true
Type: signed integer
Default: 24
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.IPv6CIDRStrip N bits from IPv6 addresses if lookupBySubnet is true
Type: signed integer
Default: 64
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.autoWhitelistWhitelist clients after successful delivery of N messages
Type: null or signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.delayGreylist for N seconds
Type: signed integer
Default: 300
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.greylistActionResponse status for greylisted messages (see access(5))
Type: string
Default: "DEFER_IF_PERMIT"
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.greylistHeaderPrepend header to greylisted mails; use %%t for seconds delayed due to greylisting, %%v for the version of postgrey, %%d for the date, and %%h for the host
Type: string
Default: "X-Greylist: delayed %%t seconds by postgrey-%%v at %%h; %%d"
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.greylistTextResponse status text for greylisted messages; use %%s for seconds left until greylisting is over and %%r for mail domain of recipient
Type: string
Default: "Greylisted for %%s seconds"
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.lookupBySubnetStrip the last N bits from IP addresses, determined by IPv4CIDR and IPv6CIDR
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.maxAgeDelete entries from whitelist if they haven't been seen for N days
Type: signed integer
Default: 35
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.privacyStore data using one-way hash functions (SHA1)
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.retryWindowAllow N days for the first retry. Use string with appended 'h' to specify time in hours
Type: string or signed integer
Default: 2
Example: "12h"
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.socketSocket to bind to
Type: (submodule) or (submodule)
Default:
{
mode = "0777";
path = "/run/postgrey.sock";
}Example:
{
addr = "127.0.0.1";
port = 10030;
}Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.whitelistClientsClient address whitelist files (see postgrey(8))
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postgrey.whitelistRecipientsRecipient address whitelist files (see postgrey(8))
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/postgrey.nix>
|
services.postsrsd.enableWhether to enable the postsrsd SRS server for Postfix.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.domainDomain name for rewrite
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.excludeDomainsOrigin domains to exclude from rewriting in addition to primary domain
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.forwardPortPort for the forward SRS lookup
Type: signed integer
Default: 10001
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.groupGroup for the daemon
Type: string
Default: "postsrsd"
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.reversePortPort for the reverse SRS lookup
Type: signed integer
Default: 10002
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.secretsFileSecret keys used for signing and verification
Type: path
Default: "/var/lib/postsrsd/postsrsd.secret"
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.separatorFirst separator character in generated addresses
Type: one of "-", "=", "+"
Default: "="
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.timeoutTimeout for idle client connections in seconds
Type: signed integer
Default: 1800
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.postsrsd.userUser for the daemon
Type: string
Default: "postsrsd"
Declared by:
<nixpkgs/nixos/modules/services/mail/postsrsd.nix>
|
services.power-profiles-daemon.enableWhether to enable power-profiles-daemon, a DBus daemon that allows changing system behavior based upon user-selected power profiles.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/power-profiles-daemon.nix>
|
services.powerdns.enableWhether to enable PowerDNS domain name server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/powerdns.nix>
|
services.powerdns.extraConfigPowerDNS configuration. Refer to https://doc.powerdns.com/authoritative/settings.html for details on supported values.
Type: strings concatenated with "\n"
Default: "launch=bind"
Declared by:
<nixpkgs/nixos/modules/services/networking/powerdns.nix>
|
services.powerdns-admin.enableWhether to enable the PowerDNS web interface.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/powerdns-admin.nix>
|
services.powerdns-admin.configConfiguration python file. See the example configuration for options.
Type: string
Default: ""
Example:
'' BIND_ADDRESS = '127.0.0.1' PORT = 8000 SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/powerdnsadmin?host=/run/postgresql' ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/powerdns-admin.nix>
|
services.powerdns-admin.extraArgsExtra arguments passed to powerdns-admin.
Type: list of string
Default: [ ]
Example:
[ "-b" "127.0.0.1:8000" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/powerdns-admin.nix>
|
services.powerdns-admin.saltFileThe salt used for serialization. This should be set, otherwise the default is used. Set this to null to ignore this setting and configure it through another way.
Type: null or path
Example: "/etc/powerdns-admin/salt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/powerdns-admin.nix>
|
services.powerdns-admin.secretKeyFileThe secret used to create cookies. This needs to be set, otherwise the default is used and everyone can forge valid login cookies. Set this to null to ignore this setting and configure it through another way.
Type: null or path
Example: "/etc/powerdns-admin/secret"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/powerdns-admin.nix>
|
services.pppd.enableWhether to enable pppd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/pppd.nix>
|
services.pppd.packagepppd package to use.
Type: package
Default: pkgs.ppp
Declared by:
<nixpkgs/nixos/modules/services/networking/pppd.nix>
|
services.pppd.peerspppd peers.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/pppd.nix>
|
services.pppd.peers.<name>.enableWhether to enable this PPP peer.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/networking/pppd.nix>
|
services.pppd.peers.<name>.autostartWhether the PPP session is automatically started at boot time.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/networking/pppd.nix>
|
services.pppd.peers.<name>.configpppd configuration for this peer, see the pppd(8) man page.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pppd.nix>
|
services.pppd.peers.<name>.nameName of the PPP peer.
Type: string
Default: "‹name›"
Example: "dialup"
Declared by:
<nixpkgs/nixos/modules/services/networking/pppd.nix>
|
services.pptpd.enableWhether to enable pptpd, the Point-to-Point Tunneling Protocol daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
|
services.pptpd.clientIpRangeThe range from which client IPs are drawn.
Type: string
Default: "10.124.124.2-11"
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
|
services.pptpd.extraPppdOptionsAdds extra lines to the pppd options file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' ms-dns 8.8.8.8 ms-dns 8.8.4.4 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
|
services.pptpd.extraPptpdOptionsAdds extra lines to the pptpd configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
|
services.pptpd.maxClientsThe maximum number of simultaneous connections.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
|
services.pptpd.serverIpThe server-side IP address.
Type: string
Default: "10.124.124.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/pptpd.nix>
|
services.prayer.enableWhether to enable the prayer webmail http server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prayer.nix>
|
services.prayer.extraConfigExtra configuration. Contents will be added verbatim to the configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/prayer.nix>
|
services.prayer.portPort the prayer http server is listening to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2080
Declared by:
<nixpkgs/nixos/modules/services/networking/prayer.nix>
|
services.printing.enableWhether to enable printing support through the CUPS daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.allowFromFrom which hosts to allow unconditional access.
Type: list of string
Default:
[ "localhost" ]
Example:
[ "all" ]
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.browsedConfThe contents of the configuration. file of the CUPS Browsed daemon
(cups-browsed.conf)
Type: strings concatenated with "\n"
Default: ""
Example:
'' BrowsePoll cups.example.com ''
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.browsingSpecifies whether shared printers are advertised.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.clientConfThe contents of the client configuration.
(client.conf)
Type: strings concatenated with "\n"
Default: ""
Example:
'' ServerName server.example.com Encryption Never ''
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.defaultSharedSpecifies whether local printers are shared by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.driversCUPS drivers to use. Drivers provided by CUPS, cups-filters,
Ghostscript and Samba are added unconditionally. If this list contains
Gutenprint (i.e. a derivation with
meta.isGutenprint = true) the PPD files in
/var/lib/cups/ppd will be updated automatically
to avoid errors due to incompatible versions.
Type: list of path
Default: [ ]
Example: with pkgs; [ gutenprint hplip splix ]
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.extraConfExtra contents of the configuration file of the CUPS daemon
(cupsd.conf).
Type: strings concatenated with "\n"
Default: ""
Example:
'' BrowsePoll cups.example.com MaxCopies 42 ''
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.extraFilesConfExtra contents of the configuration file of the CUPS daemon
(cups-files.conf).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.listenAddressesA list of addresses and ports on which to listen.
Type: list of string
Default:
[ "localhost:631" ]
Example:
[ "*:631" ]
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.logLevelSpecifies the cupsd logging verbosity.
Type: string
Default: "info"
Example: "debug"
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.snmpConfThe contents of /etc/cups/snmp.conf. See "man
cups-snmp.conf" for a complete description.
Type: strings concatenated with "\n"
Default:
'' Address @LOCAL ''
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.startWhenNeededIf set, CUPS is socket-activated; that is, instead of having it permanently running as a daemon, systemd will start it on the first incoming connection.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.statelessIf set, all state directories relating to CUPS will be removed on startup of the service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.tempDirCUPSd temporary directory.
Type: path
Default: "/tmp"
Example: "/tmp/cups"
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.printing.webInterfaceSpecifies whether the web interface is enabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/printing/cupsd.nix>
|
services.privacyidea.enableWhether to enable PrivacyIDEA.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.adminEmailMail address for the admin user
Type: string
Example: "admin@example.com"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.adminPasswordFileFile containing password for the admin user
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.auditKeyPrivatePrivate Key for signing the audit log.
Type: string
Default: "${config.services.privacyidea.stateDir}/private.pem"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.auditKeyPublicPublic key for checking signatures of the audit log.
Type: string
Default: "${config.services.privacyidea.stateDir}/public.pem"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.encFileThis is used to encrypt the token data and token passwords
Type: string
Default: "${config.services.privacyidea.stateDir}/enckey"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.environmentFileFile to load as environment file. Environment variables
from this file will be interpolated into the config file
using envsubst which is helpful for specifying
secrets:
{ services.privacyidea.secretKey = "$SECRET"; }
The environment-file can now specify the actual secret key:
SECRET=veryverytopsecret
Type: null or path
Default: null
Example: "/root/privacyidea.env"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.extraConfigExtra configuration options for pi.cfg.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.groupGroup account under which PrivacyIDEA runs.
Type: string
Default: "privacyidea"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.ldap-proxy.enableWhether to enable PrivacyIDEA LDAP Proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.ldap-proxy.configFilePath to PrivacyIDEA LDAP Proxy configuration (proxy.ini).
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.ldap-proxy.environmentFileEnvironment file containing secrets to be substituted into
services.privacyidea.ldap-proxy.settings.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.ldap-proxy.groupGroup account under which PrivacyIDEA LDAP proxy runs.
Type: string
Default: "pi-ldap-proxy"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.ldap-proxy.settingsAttribute-set containing the settings for privacyidea-ldap-proxy.
It's possible to pass secrets using env-vars as substitutes and
use the option services.privacyidea.ldap-proxy.environmentFile
to inject them via envsubst.
Type: attribute set of attribute set of (string or boolean or signed integer or list of string)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.ldap-proxy.userUser account under which PrivacyIDEA LDAP proxy runs.
Type: string
Default: "pi-ldap-proxy"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.pepperThis is used to encrypt the admin passwords.
Type: string
Example: "Never know..."
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.secretKeyThis is used to encrypt the auth_token.
Type: string
Example: "t0p s3cr3t"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.stateDirDirectory where all PrivacyIDEA files will be placed by default.
Type: string
Default: "/var/lib/privacyidea"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.superuserRealmThe realm where users are allowed to login as administrators.
Type: list of string
Default:
[ "super" "administrators" ]
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.tokenjanitor.enableWhether to enable automatic runs of the token janitor.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.tokenjanitor.actionWhich action to take for matching tokens.
Type: one of "delete", "mark", "disable", "unassign"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.tokenjanitor.intervalInterval in which the cleanup program is supposed to run. See systemd.time(7) for further information.
Type: string
Default: "quarterly"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.tokenjanitor.orphanedWhether to search for orphaned tokens
and apply services.privacyidea.tokenjanitor.action
onto them.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.tokenjanitor.unassignedWhether to search for unassigned tokens
and apply services.privacyidea.tokenjanitor.action
onto them.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privacyidea.userUser account under which PrivacyIDEA runs.
Type: string
Default: "privacyidea"
Declared by:
<nixpkgs/nixos/modules/services/security/privacyidea.nix>
|
services.privoxy.enableWhether to enable Privoxy, non-caching filtering proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.enableTorWhether to configure Privoxy to use Tor's faster SOCKS port, suitable for HTTP.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.certsLifetimeIf inspectHttps is enabled, the time generated HTTPS
certificates will be stored in a temporary directory for reuse. Once
the lifetime has expired the directory will cleared and the certificate
will have to be generated again, on-demand.
Depending on the traffic, you may want to reduce the lifetime to limit the disk usage, since Privoxy itself never deletes the certificates.
The format is that of the tmpfiles.d(5)
Age parameter.
Type: tmpfiles.d(5) age format
Default: "10d"
Example: "12h"
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.inspectHttpsWhether to configure Privoxy to inspect HTTPS requests, meaning all encrypted traffic will be filtered as well. This works by decrypting and re-encrypting the requests using a per-domain generated certificate.
To issue per-domain certificates, Privoxy must be provided with a CA
certificate, using the ca-cert-file,
ca-key-file settings.
The CA certificate must also be added to the system trust roots,
otherwise browsers will reject all Privoxy certificates as invalid.
You can do so by using the option
security.pki.certificateFiles.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.settingsThis option is mapped to the main Privoxy configuration file. Check out the Privoxy user manual at https://www.privoxy.org/user-manual/config.html for available settings and documentation.
Repeated settings can be represented by using a list.
Type: privoxy configuration type. The format consists of an attribute set of settings. Each setting can be either a value (integer, string, boolean or path) or a list of such values.
Default: { }
Example:
{ # Listen on IPv6 only
listen-address = "[::]:8118";
# Forward .onion requests to Tor
forward-socks5 = ".onion localhost:9050 .";
# Log redirects and filters
debug = [ 128 64 ];
# This is equivalent to writing these lines
# in the Privoxy configuration file:
# debug 128
# debug 64
}
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.settings.enable-edit-actionsWhether the web-based actions file editor may be used.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.settings.actionsfileList of paths to Privoxy action files. These paths may either be absolute or relative to the privoxy configuration directory.
Type: list of string
Default:
[ "match-all.action" "default.action" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.settings.filterfileList of paths to Privoxy filter files. These paths may either be absolute or relative to the privoxy configuration directory.
Type: list of string
Default:
[ "default.filter" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.settings.listen-addressPair of address:port the proxy server is listening to.
Type: string
Default: "127.0.0.1:8118"
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.userActionsActions to be included in a user.action file. This
will have a higher priority and can be used to override all other
actions.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.privoxy.userFiltersFilters to be included in a user.filter file. This
will have a higher priority and can be used to override all other
filters definitions.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/privoxy.nix>
|
services.prometheus.enableWhether to enable Prometheus monitoring daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.enableReloadReload prometheus when configuration file changes (instead of restart).
The following property holds: switching to a configuration
(switch-to-configuration) that changes the prometheus
configuration only finishes successully when prometheus has finished
loading the new configuration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.packageThe prometheus package that should be used.
Type: package
Default: pkgs.prometheus
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.alertmanager.enableWhether to enable Prometheus Alertmanager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.packagePackage that should be used for alertmanager.
Type: package
Default: pkgs.alertmanager
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.clusterPeersInitial peers for HA cluster.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.configTextAlertmanager configuration as YAML text. If non-null, this option defines the text that is written to alertmanager.yml. If null, the contents of alertmanager.yml is generated from the structured config options.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.configurationAlertmanager configuration as nix attribute set.
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.environmentFileFile to load as environment file. Environment variables
from this file will be interpolated into the config file
using envsubst with this syntax:
$ENVIRONMENT ${VARIABLE}
Type: null or path
Default: null
Example: "/root/alertmanager.env"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.extraFlagsExtra commandline options when launching the Alertmanager.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.listenAddressAddress to listen on for the web interface and API. Empty string will listen on all interfaces. "localhost" will listen on 127.0.0.1 (but not ::1).
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.logFormatIf set use a syslog logger or JSON logging.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.logLevelOnly log messages with the given severity or above.
Type: one of "debug", "info", "warn", "error", "fatal"
Default: "warn"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.portPort to listen on for the web interface and API.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9093
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanager.webExternalUrlThe URL under which Alertmanager is externally reachable (for example, if Alertmanager is served via a reverse proxy). Used for generating relative and absolute links back to Alertmanager itself. If the URL has a path portion, it will be used to prefix all HTTP endoints served by Alertmanager. If omitted, relevant URL components will be derived automatically.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix>
|
services.prometheus.alertmanagerNotificationQueueCapacityThe capacity of the queue for pending alert manager notifications.
Type: signed integer
Default: 10000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.alertmanagersA list of alertmanagers to send alerts to. See the official documentation for more information.
Type: list of (attribute set)
Default: [ ]
Example:
[ {
scheme = "https";
path_prefix = "/alertmanager";
static_configs = [ {
targets = [
"prometheus.domain.tld"
];
} ];
} ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.checkConfigCheck configuration with promtool check. The call to promtool is
subject to sandboxing by Nix.
If you use credentials stored in external files
(password_file, bearer_token_file, etc),
they will not be visible to promtool
and it will report errors, despite a correct configuration.
To resolve this, you may set this option to "syntax-only"
in order to only syntax check the Prometheus configuration.
Type: boolean or value "syntax-only" (singular enum)
Default: true
Example: "syntax-only"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.configTextIf non-null, this option defines the text that is written to prometheus.yml. If null, the contents of prometheus.yml is generated from the structured config options.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.exportersPrometheus exporter configuration
Type: submodule
Default: { }
Example:
{
node = {
enable = true;
enabledCollectors = [ "systemd" ];
};
varnish.enable = true;
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.apcupsd.enableWhether to enable the prometheus apcupsd exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.apcupsd.apcupsdAddressAddress of the apcupsd Network Information Server (NIS).
Type: string
Default: ":3551"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.apcupsd.apcupsdNetworkNetwork of the apcupsd Network Information Server (NIS): one of "tcp", "tcp4", or "tcp6".
Type: one of "tcp", "tcp4", "tcp6"
Default: "tcp"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.apcupsd.extraFlagsExtra commandline options to pass to the apcupsd exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.apcupsd.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.apcupsd.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9162"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.apcupsd.groupGroup under which the apcupsd exporter shall be run.
Type: string
Default: "apcupsd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.apcupsd.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.apcupsd.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.apcupsd.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9162
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.apcupsd.userUser name under which the apcupsd exporter shall be run.
Type: string
Default: "apcupsd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.artifactory.enableWhether to enable the prometheus artifactory exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.artifactory.artiAccessTokenAccess token for authentication against JFrog Artifactory API. One of the password or access token needs to be set.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.artifactory.artiPasswordPassword for authentication against JFrog Artifactory API. One of the password or access token needs to be set.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.artifactory.artiUsernameUsername for authentication against JFrog Artifactory API.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.artifactory.extraFlagsExtra commandline options to pass to the artifactory exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.artifactory.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.artifactory.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9531"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.artifactory.groupGroup under which the artifactory exporter shall be run.
Type: string
Default: "artifactory-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.artifactory.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.artifactory.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.artifactory.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9531
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.artifactory.scrapeUriURI on which to scrape JFrog Artifactory.
Type: string
Default: "http://localhost:8081/artifactory"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.artifactory.userUser name under which the artifactory exporter shall be run.
Type: string
Default: "artifactory-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bind.enableWhether to enable the prometheus bind exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bind.bindGroupsList of statistics to collect. Available: [server, view, tasks]
Type: list of (one of "server", "view", "tasks")
Default:
[ "server" "view" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bind.bindTimeoutTimeout for trying to get stats from Bind.
Type: string
Default: "10s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bind.bindURIHTTP XML API address of an Bind server.
Type: string
Default: "http://localhost:8053/"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bind.bindVersionBIND statistics version. Can be detected automatically.
Type: one of "xml.v2", "xml.v3", "auto"
Default: "auto"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bind.extraFlagsExtra commandline options to pass to the bind exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bind.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.bind.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9119"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bind.groupGroup under which the bind exporter shall be run.
Type: string
Default: "bind-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bind.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bind.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bind.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9119
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bind.userUser name under which the bind exporter shall be run.
Type: string
Default: "bind-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bird.enableWhether to enable the prometheus bird exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bird.birdSocketPath to BIRD2 (or BIRD1 v4) socket.
Type: path
Default: "/run/bird/bird.ctl"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bird.birdVersionSpecifies whether BIRD1 or BIRD2 is in use.
Type: one of 1, 2
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bird.extraFlagsExtra commandline options to pass to the bird exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bird.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.bird.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9324"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bird.groupGroup under which the bird exporter shall be run.
Type: string
Default: "bird-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bird.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bird.newMetricFormatEnable the new more-generic metric format.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bird.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bird.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9324
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bird.userUser name under which the bird exporter shall be run.
Type: string
Default: "bird-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bitcoin.enableWhether to enable the prometheus bitcoin exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bitcoin.extraEnvExtra environment variables for the exporter.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bitcoin.extraFlagsExtra commandline options to pass to the bitcoin exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bitcoin.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.bitcoin.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9332"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bitcoin.groupGroup under which the bitcoin exporter shall be run.
Type: string
Default: "bitcoin-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bitcoin.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bitcoin.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bitcoin.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9332
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bitcoin.refreshSecondsHow often to ask bitcoind for metrics.
Type: unsigned integer, meaning >=0
Default: 300
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bitcoin.rpcHostRPC host.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bitcoin.rpcPasswordFileFile containing RPC password.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bitcoin.rpcPortRPC port number.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8332
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bitcoin.rpcSchemeWhether to connect to bitcoind over http or https.
Type: one of "http", "https"
Default: "http"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bitcoin.rpcUserRPC user name.
Type: string
Default: "bitcoinrpc"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.bitcoin.userUser name under which the bitcoin exporter shall be run.
Type: string
Default: "bitcoin-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.enableWhether to enable the prometheus blackbox exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.enableConfigCheckWhether to run a correctness check for the configuration file. This depends on the configuration file residing in the nix-store. Paths passed as string will be copied to the store.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.configFilePath to configuration file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.extraFlagsExtra commandline options to pass to the blackbox exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.blackbox.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9115"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.groupGroup under which the blackbox exporter shall be run.
Type: string
Default: "blackbox-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9115
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.blackbox.userUser name under which the blackbox exporter shall be run.
Type: string
Default: "blackbox-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.buildkite-agent.enableWhether to enable the prometheus buildkite-agent exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.buildkite-agent.endpointThe Buildkite Agent API endpoint.
Type: string
Default: "https://agent.buildkite.com/v3"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.buildkite-agent.extraFlagsExtra commandline options to pass to the buildkite-agent exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.buildkite-agent.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.buildkite-agent.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9876"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.buildkite-agent.groupGroup under which the buildkite-agent exporter shall be run.
Type: string
Default: "buildkite-agent-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.buildkite-agent.intervalHow often to update metrics.
Type: string
Default: "30s"
Example: "1min"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.buildkite-agent.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.buildkite-agent.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.buildkite-agent.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9876
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.buildkite-agent.queuesWhich specific queues to process.
Type: null or (list of string)
Default: null
Example: [ "my-queue1" "my-queue2" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.buildkite-agent.tokenPathThe token from your Buildkite "Agents" page.
A run-time path to the token file, which is supposed to be provisioned outside of Nix store.
Type: null or path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.buildkite-agent.userUser name under which the buildkite-agent exporter shall be run.
Type: string
Default: "buildkite-agent-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.enableWhether to enable the prometheus collectd exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.collectdBinary.enableWhether to enable collectd binary protocol receiver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.collectdBinary.authFileFile mapping user names to pre-shared keys (passwords).
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.collectdBinary.listenAddressAddress to listen on for binary network packets.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.collectdBinary.portNetwork address on which to accept collectd binary network packets.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 25826
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.collectdBinary.securityLevelMinimum required security level for accepted packets.
Type: one of "None", "Sign", "Encrypt"
Default: "None"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.extraFlagsExtra commandline options to pass to the collectd exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.collectd.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9103"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.groupGroup under which the collectd exporter shall be run.
Type: string
Default: "collectd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.logFormatSet the log format.
Type: one of "logfmt", "json"
Default: "logfmt"
Example: "json"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.logLevelOnly log messages with the given severity or above.
Type: one of "debug", "info", "warn", "error", "fatal"
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9103
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.collectd.userUser name under which the collectd exporter shall be run.
Type: string
Default: "collectd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.enableWhether to enable the prometheus dmarc exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.debugWhether to declare enable --debug.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.deduplicationMaxSecondsHow long individual report IDs will be remembered to avoid counting double delivered reports twice.
Type: unsigned integer, meaning >=0
Default: "7 days (in seconds)"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.extraFlagsExtra commandline options to pass to the dmarc exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.dmarc.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9797"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.folders.doneIMAP mailbox that successfully processed reports are moved to.
Type: string
Default: "Archive"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.folders.errorIMAP mailbox that emails are moved to that could not be processed.
Type: string
Default: "Invalid"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.folders.inboxIMAP mailbox that is checked for incoming DMARC aggregate reports
Type: string
Default: "INBOX"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.groupGroup under which the dmarc exporter shall be run.
Type: string
Default: "dmarc-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.imap.hostHostname of IMAP server to connect to.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.imap.passwordFileFile containing the login password for the IMAP connection.
Type: string
Example: "/run/secrets/dovecot_pw"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.imap.portPort of the IMAP server to connect to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 993
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.imap.usernameLogin username for the IMAP connection.
Type: string
Example: "postmaster@example.org"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.pollIntervalSecondsHow often to poll the IMAP server in seconds.
Type: unsigned integer, meaning >=0
Default: 60
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9797
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dmarc.userUser name under which the dmarc exporter shall be run.
Type: string
Default: "dmarc-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.enableWhether to enable the prometheus dnsmasq exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.dnsmasqListenAddressAddress on which dnsmasq listens.
Type: string
Default: "localhost:53"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.extraFlagsExtra commandline options to pass to the dnsmasq exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.dnsmasq.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9153"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.groupGroup under which the dnsmasq exporter shall be run.
Type: string
Default: "dnsmasq-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.leasesPathPath to the dnsmasq.leases file.
Type: path
Default: "/var/lib/misc/dnsmasq.leases"
Example: "/var/lib/dnsmasq/dnsmasq.leases"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9153
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dnsmasq.userUser name under which the dnsmasq exporter shall be run.
Type: string
Default: "dnsmasq-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.domain.enableWhether to enable the prometheus domain exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.domain.extraFlagsExtra commandline options to pass to the domain exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.domain.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.domain.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9222"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.domain.groupGroup under which the domain exporter shall be run.
Type: string
Default: "domain-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.domain.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.domain.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.domain.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9222
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.domain.userUser name under which the domain exporter shall be run.
Type: string
Default: "domain-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.enableWhether to enable the prometheus dovecot exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.extraFlagsExtra commandline options to pass to the dovecot exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.dovecot.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9166"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.groupGroup under which the dovecot exporter shall be run.
Type: string
Default: "dovecot-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9166
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.scopesStats scopes to query.
Type: list of string
Default:
[ "user" ]
Example:
[ "user" "global" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.socketPathPath under which the stats socket is placed. The user/group under which the exporter runs, should be able to access the socket in order to scrape the metrics successfully.
Please keep in mind that the stats module has changed in Dovecot 2.3+ which is not compatible with this exporter.
The following extra config has to be passed to Dovecot to ensure that recent versions work with this exporter:
{
services.prometheus.exporters.dovecot.enable = true;
services.prometheus.exporters.dovecot.socketPath = "/var/run/dovecot2/old-stats";
services.dovecot2.mailPlugins.globally.enable = [ "old_stats" ];
services.dovecot2.extraConfig = ''
service old-stats {
unix_listener old-stats {
user = dovecot-exporter
group = dovecot-exporter
mode = 0660
}
fifo_listener old-stats-mail {
mode = 0660
user = dovecot
group = dovecot
}
fifo_listener old-stats-user {
mode = 0660
user = dovecot
group = dovecot
}
}
plugin {
old_stats_refresh = 30 secs
old_stats_track_cmds = yes
}
'';
}
Type: path
Default: "/var/run/dovecot/stats"
Example: "/var/run/dovecot2/old-stats"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.telemetryPathPath under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.dovecot.userUser name under which the dovecot exporter shall be run.
Type: string
Default: "dovecot-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fastly.enableWhether to enable the prometheus fastly exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fastly.configFilePath to a fastly-exporter configuration file.
Example one can be generated with fastly-exporter --config-file-example.
Type: null or path
Default: null
Example: "./fastly-exporter-config.txt"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fastly.debugWhether to enable Debug logging mode for fastly-exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fastly.extraFlagsExtra commandline options to pass to the fastly exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fastly.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.fastly.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9118"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fastly.groupGroup under which the fastly exporter shall be run.
Type: string
Default: "fastly-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fastly.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fastly.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fastly.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9118
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fastly.tokenPathA run-time path to the token file, which is supposed to be provisioned outside of Nix store.
Type: null or path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fastly.userUser name under which the fastly exporter shall be run.
Type: string
Default: "fastly-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.flow.enableWhether to enable the prometheus flow exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.flow.asnThe ASN being monitored.
Type: positive integer, meaning >0
Example: 65542
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.flow.brokersList of Kafka brokers to connect to.
Type: list of string
Example: [ "kafka.example.org:19092" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.flow.extraFlagsExtra commandline options to pass to the flow exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.flow.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.flow.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9590"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.flow.groupGroup under which the flow exporter shall be run.
Type: string
Default: "flow-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.flow.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.flow.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.flow.partitionsThe number of the partitions to consume, none means all.
Type: list of signed integer
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.flow.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9590
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.flow.topicThe Kafka topic to consume from.
Type: string
Example: "pmacct.acct"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.flow.userUser name under which the flow exporter shall be run.
Type: string
Default: "flow-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.enableWhether to enable the prometheus fritzbox exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.extraFlagsExtra commandline options to pass to the fritzbox exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.fritzbox.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9133"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.gatewayAddressThe hostname or IP of the FRITZ!Box.
Type: string
Default: "fritz.box"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.gatewayPortThe port of the FRITZ!Box UPnP service.
Type: signed integer
Default: 49000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.groupGroup under which the fritzbox exporter shall be run.
Type: string
Default: "fritzbox-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9133
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.fritzbox.userUser name under which the fritzbox exporter shall be run.
Type: string
Default: "fritzbox-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.influxdb.enableWhether to enable the prometheus influxdb exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.influxdb.extraFlagsExtra commandline options to pass to the influxdb exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.influxdb.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.influxdb.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9122"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.influxdb.groupGroup under which the influxdb exporter shall be run.
Type: string
Default: "influxdb-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.influxdb.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.influxdb.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.influxdb.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9122
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.influxdb.sampleExpiryHow long a sample is valid for
Type: string
Default: "5m"
Example: "10m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.influxdb.udpBindAddressAddress on which to listen for udp packets
Type: string
Default: ":9122"
Example: "192.0.2.1:9122"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.influxdb.userUser name under which the influxdb exporter shall be run.
Type: string
Default: "influxdb-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.ipmi.enableWhether to enable the prometheus ipmi exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.ipmi.configFilePath to configuration file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.ipmi.extraFlagsExtra commandline options to pass to the ipmi exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.ipmi.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.ipmi.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9290"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.ipmi.groupGroup under which the ipmi exporter shall be run.
Type: string
Default: "ipmi-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.ipmi.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.ipmi.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.ipmi.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9290
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.ipmi.userUser name under which the ipmi exporter shall be run.
Type: string
Default: "ipmi-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.ipmi.webConfigFilePath to configuration file that can enable TLS or authentication.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.jitsi.enableWhether to enable the prometheus jitsi exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.jitsi.extraFlagsExtra commandline options to pass to the jitsi exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.jitsi.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.jitsi.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9700"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.jitsi.groupGroup under which the jitsi exporter shall be run.
Type: string
Default: "jitsi-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.jitsi.intervalHow often to scrape new data
Type: string
Default: "30s"
Example: "1min"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.jitsi.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.jitsi.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.jitsi.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9700
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.jitsi.urlJitsi Videobridge metrics URL to monitor. This is usually /colibri/stats on port 8080 of the jitsi videobridge host.
Type: string
Default: "http://localhost:8080/colibri/stats"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.jitsi.userUser name under which the jitsi exporter shall be run.
Type: string
Default: "jitsi-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.enableWhether to enable the prometheus json exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.configFilePath to configuration file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.extraFlagsExtra commandline options to pass to the json exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.json.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 7979"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.groupGroup under which the json exporter shall be run.
Type: string
Default: "json-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7979
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.json.userUser name under which the json exporter shall be run.
Type: string
Default: "json-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.kea.enableWhether to enable the prometheus kea exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.kea.controlSocketPathsPaths to kea control sockets
Type: list of string
Example:
[ "/run/kea/kea-dhcp4.socket" "/run/kea/kea-dhcp6.socket" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.kea.extraFlagsExtra commandline options to pass to the kea exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.kea.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.kea.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9547"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.kea.groupGroup under which the kea exporter shall be run.
Type: string
Default: "kea-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.kea.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.kea.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.kea.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9547
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.kea.userUser name under which the kea exporter shall be run.
Type: string
Default: "kea-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.keylight.enableWhether to enable the prometheus keylight exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.keylight.extraFlagsExtra commandline options to pass to the keylight exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.keylight.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.keylight.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9288"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.keylight.groupGroup under which the keylight exporter shall be run.
Type: string
Default: "keylight-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.keylight.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.keylight.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.keylight.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9288
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.keylight.userUser name under which the keylight exporter shall be run.
Type: string
Default: "keylight-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.knot.enableWhether to enable the prometheus knot exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.knot.extraFlagsExtra commandline options to pass to the knot exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.knot.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.knot.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9433"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.knot.groupGroup under which the knot exporter shall be run.
Type: string
Default: "knot-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.knot.knotLibraryPathPath to the library of knot-dns.
Type: string
Default: "${pkgs.knot-dns.out}/lib/libknot.so"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.knot.knotSocketPathSocket path of knotd(8).
Type: string
Default: "/run/knot/knot.sock"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.knot.knotSocketTimeoutTimeout in seconds.
Type: signed integer
Default: 2000
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.knot.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.knot.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.knot.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9433
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.knot.userUser name under which the knot exporter shall be run.
Type: string
Default: "knot-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.lnd.enableWhether to enable the prometheus lnd exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.lnd.extraFlagsExtra commandline options to pass to the lnd exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.lnd.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.lnd.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9092"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.lnd.groupGroup under which the lnd exporter shall be run.
Type: string
Default: "lnd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.lnd.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.lnd.lndHostlnd instance gRPC address:port.
Type: string
Default: "localhost:10009"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.lnd.lndMacaroonDirPath to lnd macaroons.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.lnd.lndTlsPathPath to lnd TLS certificate.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.lnd.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.lnd.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9092
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.lnd.userUser name under which the lnd exporter shall be run.
Type: string
Default: "lnd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.enableWhether to enable the prometheus mail exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.configFileSpecify the mailexporter configuration file to use.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.configurationSpecify the mailexporter configuration file to use.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.configuration.disableFileDeletionDisables the exporter's function to delete probing mails.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.configuration.mailCheckTimeoutTimeout until mails are considered "didn't make it".
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.configuration.monitoringIntervalTime interval between two probe attempts.
Type: string
Example: "10s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.configuration.serversList of servers that should be probed.
Note: if your mailserver has rspamd(8) configured, it can happen that emails from this exporter are marked as spam.
It's possible to work around the issue with a config like this:
{
services.rspamd.locals."multimap.conf".text = ''
ALLOWLIST_PROMETHEUS {
filter = "email:domain:tld";
type = "from";
map = "${pkgs.writeText "allowmap" "domain.tld"}";
score = -100.0;
}
'';
}
Type: list of (submodule)
Default: [ ]
Example:
[ {
name = "testserver";
server = "smtp.domain.tld";
port = 587;
from = "exporteruser@domain.tld";
to = "exporteruser@domain.tld";
detectionDir = "/path/to/Maildir/new";
} ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.configuration.servers.*.detectionDirDirectory in which new mails for the exporter user are placed. Note that this needs to exist when the exporter starts.
Type: path
Example: "/var/spool/mail/exporteruser/new"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.configuration.servers.*.fromContent of 'From' Header for probing mails.
Type: string
Example: "exporteruser@domain.tld"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.configuration.servers.*.loginUsername to use for SMTP authentication.
Type: null or string
Default: null
Example: "exporteruser@domain.tld"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.configuration.servers.*.nameValue for label 'configname' which will be added to all metrics.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.configuration.servers.*.passphrasePassword to use for SMTP authentication.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.configuration.servers.*.portPort to use for SMTP.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Example: 587
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.configuration.servers.*.serverHostname of the server that should be probed.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.configuration.servers.*.toContent of 'To' Header for probing mails.
Type: string
Example: "exporteruser@domain.tld"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.environmentFileFile containing env-vars to be substituted into the exporter's config.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.extraFlagsExtra commandline options to pass to the mail exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.mail.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9225"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.groupGroup under which the mail exporter shall be run.
Type: string
Default: "mail-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9225
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.telemetryPathPath under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mail.userUser name under which the mail exporter shall be run.
Type: string
Default: "mail-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mikrotik.enableWhether to enable the prometheus mikrotik exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mikrotik.configFilePath to a mikrotik exporter configuration file. Mutually exclusive with
configuration option.
Type: null or path
Default: null
Example: ./mikrotik.yml
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mikrotik.configurationMikrotik exporter configuration as nix attribute set. Mutually exclusive with
configFile option.
See https://github.com/nshttpd/mikrotik-exporter/blob/master/README.md for the description of the configuration file format.
Type: null or (attribute set)
Default: null
Example:
{
devices = [
{
name = "my_router";
address = "10.10.0.1";
user = "prometheus";
password = "changeme";
}
];
features = {
bgp = true;
dhcp = true;
routes = true;
optics = true;
};
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mikrotik.extraFlagsExtra commandline options to pass to the mikrotik exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mikrotik.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.mikrotik.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9436"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mikrotik.groupGroup under which the mikrotik exporter shall be run.
Type: string
Default: "mikrotik-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mikrotik.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mikrotik.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mikrotik.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9436
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.mikrotik.userUser name under which the mikrotik exporter shall be run.
Type: string
Default: "mikrotik-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.enableWhether to enable the prometheus minio exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.extraFlagsExtra commandline options to pass to the minio exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.minio.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9290"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.groupGroup under which the minio exporter shall be run.
Type: string
Default: "minio-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.minioAccessKeyThe value of the Minio access key.
It is required in order to connect to the server.
By default this uses the one from the local minio server if enabled
and config.services.minio.accessKey.
Type: string
Example: "yourMinioAccessKey"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.minioAccessSecretThe value of the Minio access secret.
It is required in order to connect to the server.
By default this uses the one from the local minio server if enabled
and config.services.minio.secretKey.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.minioAddressThe URL of the minio server. Use HTTPS if Minio accepts secure connections only. By default this connects to the local minio server if enabled.
Type: string
Example: "https://10.0.0.1:9000"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.minioBucketStatsCollect statistics about the buckets and files in buckets. It requires more computation, use it carefully in case of large buckets..
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9290
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.minio.userUser name under which the minio exporter shall be run.
Type: string
Default: "minio-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.modemmanager.enableWhether to enable the prometheus modemmanager exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.modemmanager.extraFlagsExtra commandline options to pass to the modemmanager exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.modemmanager.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.modemmanager.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9539"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.modemmanager.groupGroup under which the modemmanager exporter shall be run.
Type: string
Default: "modemmanager-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.modemmanager.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.modemmanager.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.modemmanager.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9539
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.modemmanager.refreshRateHow frequently ModemManager will refresh the extended signal quality information for each modem. The duration should be specified in seconds ("5s"), minutes ("1m"), or hours ("1h").
Type: string
Default: "5s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.modemmanager.userUser name under which the modemmanager exporter shall be run.
Type: string
Default: "modemmanager-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nextcloud.enableWhether to enable the prometheus nextcloud exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nextcloud.extraFlagsExtra commandline options to pass to the nextcloud exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nextcloud.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.nextcloud.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9205"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nextcloud.groupGroup under which the nextcloud exporter shall be run.
Type: string
Default: "nextcloud-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nextcloud.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nextcloud.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nextcloud.passwordFileFile containing the password for connecting to Nextcloud. Make sure that this file is readable by the exporter user.
Type: path
Example: "/path/to/password-file"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nextcloud.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9205
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nextcloud.timeoutTimeout for getting server info document.
Type: string
Default: "5s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nextcloud.urlURL to the Nextcloud serverinfo page.
Adding the path to the serverinfo API is optional, it defaults
to /ocs/v2.php/apps/serverinfo/api/v1/info.
Type: string
Example: "https://domain.tld"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nextcloud.userUser name under which the nextcloud exporter shall be run.
Type: string
Default: "nextcloud-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nextcloud.usernameUsername for connecting to Nextcloud. Note that this account needs to have admin privileges in Nextcloud.
Type: string
Default: "nextcloud-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.enableWhether to enable the prometheus nginx exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.constLabelsA list of constant labels that will be used in every metric.
Type: list of string
Default: [ ]
Example:
[ "label1=value1" "label2=value2" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.extraFlagsExtra commandline options to pass to the nginx exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.nginx.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9113"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.groupGroup under which the nginx exporter shall be run.
Type: string
Default: "nginx-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9113
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.scrapeUriAddress to access the nginx status page. Can be enabled with services.nginx.statusPage = true.
Type: string
Default: "http://localhost/nginx_status"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.sslVerifyWhether to perform certificate verification for https.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.telemetryPathPath under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginx.userUser name under which the nginx exporter shall be run.
Type: string
Default: "nginx-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginxlog.enableWhether to enable the prometheus nginxlog exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginxlog.extraFlagsExtra commandline options to pass to the nginxlog exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginxlog.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.nginxlog.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9117"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginxlog.groupGroup under which the nginxlog exporter shall be run.
Type: string
Default: "nginxlog-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginxlog.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginxlog.metricsEndpointPath under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginxlog.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginxlog.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9117
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginxlog.settingsAll settings of nginxlog expressed as an Nix attrset.
Check the official documentation for the corresponding YAML settings that can all be used here: https://github.com/martin-helmich/prometheus-nginxlog-exporter
The listen object is already generated by port, listenAddress and metricsEndpoint and
will be merged with the value of settings before writing it as JSON.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nginxlog.userUser name under which the nginxlog exporter shall be run.
Type: string
Default: "nginxlog-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.enableWhether to enable the prometheus node exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.enabledCollectorsCollectors to enable. The collectors listed here are enabled in addition to the default ones.
Type: list of string
Default: [ ]
Example:
[ "systemd" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.disabledCollectorsCollectors to disable which are enabled by default.
Type: list of string
Default: [ ]
Example:
[ "timex" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.extraFlagsExtra commandline options to pass to the node exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.node.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9100"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.groupGroup under which the node exporter shall be run.
Type: string
Default: "node-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9100
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.node.userUser name under which the node exporter shall be run.
Type: string
Default: "node-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nut.enableWhether to enable the prometheus nut exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nut.extraFlagsExtra commandline options to pass to the nut exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nut.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.nut.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9199"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nut.groupGroup under which the nut exporter shall be run.
Type: string
Default: "nut-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nut.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nut.nutServerHostname or address of the NUT server
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nut.nutUserThe user to log in into NUT server. If set, passwordPath should also be set.
Default NUT configs usually permit reading variables without authentication.
Type: string
Default: ""
Example: "nut"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nut.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nut.passwordPathA run-time path to the nutUser password file, which should be provisioned outside of Nix store.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nut.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9199
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.nut.userUser name under which the nut exporter shall be run.
Type: string
Default: "nut-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openldap.enableWhether to enable the prometheus openldap exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openldap.extraFlagsExtra commandline options to pass to the openldap exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openldap.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.openldap.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9330"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openldap.groupGroup under which the openldap exporter shall be run.
Type: string
Default: "openldap-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openldap.intervalScrape interval of the exporter.
Type: string
Default: "30s"
Example: "1m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openldap.ldapAddrAddress of the openldap-instance.
Type: string
Default: "localhost:389"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openldap.ldapCredentialFileEnvironment file to contain the credentials to authenticate against
openldap.
The file should look like this:
--- ldapUser: "cn=monitoring,cn=Monitor" ldapPass: "secret"
Type: path
Example: "/run/keys/ldap_pass"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openldap.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openldap.metricsPathURL path where metrics should be exposed.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openldap.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openldap.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9330
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openldap.protocolWhich protocol to use to connect against openldap.
Type: string
Default: "tcp"
Example: "udp"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openldap.userUser name under which the openldap exporter shall be run.
Type: string
Default: "openldap-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openvpn.enableWhether to enable the prometheus openvpn exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openvpn.extraFlagsExtra commandline options to pass to the openvpn exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openvpn.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.openvpn.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9176"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openvpn.groupGroup under which the openvpn exporter shall be run.
Type: string
Default: "openvpn-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openvpn.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openvpn.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openvpn.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9176
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openvpn.statusPathsPaths to OpenVPN status files. Please configure the OpenVPN option
status accordingly.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openvpn.telemetryPathPath under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.openvpn.userUser name under which the openvpn exporter shall be run.
Type: string
Default: "openvpn-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pihole.enableWhether to enable the prometheus pihole exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pihole.apiTokenpi-hole API token which can be used instead of a password
Type: string
Default: ""
Example: "580a770cb40511eb85290242ac130003580a770cb40511eb85290242ac130003"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pihole.extraFlagsExtra commandline options to pass to the pihole exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pihole.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.pihole.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9617"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pihole.groupGroup under which the pihole exporter shall be run.
Type: string
Default: "pihole-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pihole.intervalHow often to scrape new data
Type: string
Default: "10s"
Example: "30s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pihole.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pihole.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pihole.passwordThe password to login into pihole. An api token can be used instead.
Type: string
Default: ""
Example: "password"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pihole.piholeHostnameHostname or address where to find the pihole webinterface
Type: string
Default: "pihole"
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pihole.piholePortThe port pihole webinterface is reachable on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Example: 443
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pihole.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9617
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pihole.protocolThe protocol which is used to connect to pihole
Type: one of "http", "https"
Default: "http"
Example: "https"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pihole.userUser name under which the pihole exporter shall be run.
Type: string
Default: "pihole-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.enableWhether to enable the prometheus postfix exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.extraFlagsExtra commandline options to pass to the postfix exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.postfix.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9154"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.groupGroup under which the postfix exporter shall be run.
It should match the group that is allowed to access the
showq socket in the queue/public/ directory.
Defaults to services.postfix.setgidGroup when postfix is enabled.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.logfilePathPath where Postfix writes log entries. This file will be truncated by this exporter!
Type: path
Default: "/var/log/postfix_exporter_input.log"
Example: "/var/log/mail.log"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9154
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.showqPathPath where Postfix places its showq socket.
Type: path
Default: "/var/lib/postfix/queue/public/showq"
Example: "/var/spool/postfix/public/showq"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.systemd.enableWhether to enable reading metrics from the systemd journal instead of from a logfile
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.systemd.journalPathPath to the systemd journal.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.systemd.sliceName of the postfix systemd slice.
This overrides the systemd.unit.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.systemd.unitName of the postfix systemd unit.
Type: string
Default: "postfix.service"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.telemetryPathPath under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postfix.userUser name under which the postfix exporter shall be run.
Type: string
Default: "postfix-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postgres.enableWhether to enable the prometheus postgres exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postgres.dataSourceNameAccepts PostgreSQL URI form and key=value form arguments.
Type: string
Default: "user=postgres database=postgres host=/run/postgresql sslmode=disable"
Example: "postgresql://username:password@localhost:5432/postgres?sslmode=disable"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postgres.environmentFileEnvironment file as defined in systemd.exec(5).
Secrets may be passed to the service without adding them to the world-readable Nix store, by specifying placeholder variables as the option value in Nix and setting these variables accordingly in the environment file.
Environment variables from this file will be interpolated into the
config file using envsubst with this syntax:
$ENVIRONMENT ${VARIABLE}
The main use is to set the DATA_SOURCE_NAME that contains the postgres password
note that contents from this file will override dataSourceName if you have set it from nix.
# Content of the environment file DATA_SOURCE_NAME=postgresql://username:password@localhost:5432/postgres?sslmode=disable
Note that this file needs to be available on the host on which this exporter is running.
Type: null or path
Default: null
Example: "/root/prometheus-postgres-exporter.env"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postgres.extraFlagsExtra commandline options to pass to the postgres exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postgres.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.postgres.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9187"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postgres.groupGroup under which the postgres exporter shall be run.
Type: string
Default: "postgres-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postgres.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postgres.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postgres.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9187
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postgres.runAsLocalSuperUserWhether to run the exporter as the local 'postgres' super user.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postgres.telemetryPathPath under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.postgres.userUser name under which the postgres exporter shall be run.
Type: string
Default: "postgres-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.process.enableWhether to enable the prometheus process exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.process.extraFlagsExtra commandline options to pass to the process exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.process.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.process.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9256"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.process.groupGroup under which the process exporter shall be run.
Type: string
Default: "process-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.process.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.process.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.process.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9256
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.process.settings.process_namesAll settings expressed as an Nix attrset.
Check the official documentation for the corresponding YAML settings that can all be used here: https://github.com/ncabatoff/process-exporter
Type: list of anything
Default: [ ]
Example:
[
# Remove nix store path from process name
{ name = "{{.Matches.Wrapped}} {{ .Matches.Args }}"; cmdline = [ "^/nix/store[^ ]*/(?P<Wrapped>[^ /]*) (?P<Args>.*)" ]; }
]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.process.userUser name under which the process exporter shall be run.
Type: string
Default: "process-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pve.enableWhether to enable the prometheus pve exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pve.packageThe package to use for prometheus-pve-exporter
Type: package
Default: pkgs.prometheus-pve-exporter
Example: pkgs.prometheus-pve-exporter
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pve.collectors.clusterCollect PVE cluster info
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pve.collectors.configCollect PVE onboot status
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pve.collectors.nodeCollect PVE node info
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pve.collectors.resourcesCollect PVE resources info
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pve.collectors.statusCollect Node/VM/CT status
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pve.collectors.versionCollect PVE version info
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pve.configFilePath to the service's config file. This path can either be a computed path in /nix/store or a path in the local filesystem.
The config file should NOT be stored in /nix/store as it will contain passwords and/or keys in plain text.
If both configFile and environmentFile are provided, the configFile option will be ignored.
Configuration reference: https://github.com/prometheus-pve/prometheus-pve-exporter/#authentication
Type: null or path
Default: null
Example: "/etc/prometheus-pve-exporter/pve.yml"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pve.environmentFilePath to the service's environment file. This path can either be a computed path in /nix/store or a path in the local filesystem.
The environment file should NOT be stored in /nix/store as it contains passwords and/or keys in plain text.
Environment reference: https://github.com/prometheus-pve/prometheus-pve-exporter#authentication
Type: null or path
Default: null
Example: "/etc/prometheus-pve-exporter/pve.env"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pve.extraFlagsExtra commandline options to pass to the pve exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pve.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.pve.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9221"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pve.groupGroup under which the pve exporter shall be run.
Type: string
Default: "pve-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pve.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pve.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pve.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9221
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.pve.userUser name under which the pve exporter shall be run.
Type: string
Default: "pve-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.py-air-control.enableWhether to enable the prometheus py-air-control exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.py-air-control.deviceHostnameThe hostname of the air purification device from which to scrape the metrics.
Type: string
Example: "192.168.1.123"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.py-air-control.extraFlagsExtra commandline options to pass to the py-air-control exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.py-air-control.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.py-air-control.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9896"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.py-air-control.groupGroup under which the py-air-control exporter shall be run.
Type: string
Default: "py-air-control-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.py-air-control.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.py-air-control.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.py-air-control.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9896
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.py-air-control.protocolThe protocol to use when communicating with the air purification device. Available: [http, coap, plain_coap]
Type: string
Default: "http"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.py-air-control.stateDirDirectory below /var/lib to store runtime data.
This directory will be created automatically using systemd's StateDirectory mechanism.
Type: string
Default: "prometheus-py-air-control-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.py-air-control.userUser name under which the py-air-control exporter shall be run.
Type: string
Default: "py-air-control-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.redis.enableWhether to enable the prometheus redis exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.redis.extraFlagsExtra commandline options to pass to the redis exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.redis.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.redis.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9121"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.redis.groupGroup under which the redis exporter shall be run.
Type: string
Default: "redis-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.redis.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.redis.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.redis.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9121
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.redis.userUser name under which the redis exporter shall be run.
Type: string
Default: "redis-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rspamd.enableWhether to enable the prometheus rspamd exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rspamd.extraFlagsExtra commandline options to pass to the rspamd exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rspamd.extraLabelsSet of labels added to each metric.
Type: attribute set of string
Default: { host = config.networking.hostName; }
Example:
{
host = config.networking.hostName;
custom_label = "some_value";
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rspamd.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.rspamd.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 7980"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rspamd.groupGroup under which the rspamd exporter shall be run.
Type: string
Default: "rspamd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rspamd.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rspamd.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rspamd.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7980
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rspamd.userUser name under which the rspamd exporter shall be run.
Type: string
Default: "rspamd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rtl_433.enableWhether to enable the prometheus rtl_433 exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rtl_433.channelsList of channel matchers to export.
Type: list of (submodule)
Default: [ ]
Example:
[
{
channel = 6543;
location = "Kitchen";
name = "Acurite";
}
]Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rtl_433.channels.*.channelChannel to match.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rtl_433.channels.*.locationLocation to match.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rtl_433.channels.*.nameName to match.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rtl_433.extraFlagsExtra commandline options to pass to the rtl_433 exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rtl_433.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.rtl_433.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9550"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rtl_433.groupGroup under which the rtl_433 exporter shall be run.
Type: string
Default: "rtl_433-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rtl_433.idsList of ID matchers to export.
Type: list of (submodule)
Default: [ ]
Example:
[
{
id = 1;
location = "Bedroom";
name = "Nexus";
}
]Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rtl_433.ids.*.idID to match.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rtl_433.ids.*.locationLocation to match.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rtl_433.ids.*.nameName to match.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rtl_433.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rtl_433.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rtl_433.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9550
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rtl_433.rtl433FlagsFlags passed verbatim to rtl_433 binary.
Having -C si (the default) is recommended since only Celsius temperatures are parsed.
Type: string
Default: "-C si"
Example: "-C si -R 19"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.rtl_433.userUser name under which the rtl_433 exporter shall be run.
Type: string
Default: "rtl_433-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.script.enableWhether to enable the prometheus script exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.script.extraFlagsExtra commandline options to pass to the script exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.script.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.script.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9172"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.script.groupGroup under which the script exporter shall be run.
Type: string
Default: "script-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.script.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.script.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.script.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9172
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.script.settings.scriptsAll settings expressed as an Nix attrset.
Check the official documentation for the corresponding YAML settings that can all be used here: https://github.com/adhocteam/script_exporter#sample-configuration
Type: list of (submodule)
Example:
{
scripts = [
{ name = "sleep"; script = "sleep 5"; }
];
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.script.settings.scripts.*.nameName of the script.
Type: string
Example: "sleep"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.script.settings.scripts.*.scriptShell script to execute when metrics are requested.
Type: string
Example: "sleep 5"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.script.settings.scripts.*.timeoutOptional timeout for the script in seconds.
Type: null or signed integer
Default: null
Example: 60
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.script.userUser name under which the script exporter shall be run.
Type: string
Default: "script-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smartctl.enableWhether to enable the prometheus smartctl exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smartctl.devicesPaths to the disks that will be monitored. Will autodiscover all disks if none given.
Type: list of string
Default: [ ]
Example:
[ "/dev/sda", "/dev/nvme0n1" ];
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smartctl.extraFlagsExtra commandline options to pass to the smartctl exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smartctl.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.smartctl.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9633"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smartctl.groupGroup under which the smartctl exporter shall be run.
Type: string
Default: "smartctl-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smartctl.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smartctl.maxIntervalInterval that limits how often a disk can be queried.
Type: string
Default: "60s"
Example: "2m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smartctl.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smartctl.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9633
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smartctl.userUser name under which the smartctl exporter shall be run.
Type: string
Default: "smartctl-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smokeping.enableWhether to enable the prometheus smokeping exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smokeping.bucketsList of buckets to use for the response duration histogram.
Type: strings concatenated with ","
Default: "5e-05,0.0001,0.0002,0.0004,0.0008,0.0016,0.0032,0.0064,0.0128,0.0256,0.0512,0.1024,0.2048,0.4096,0.8192,1.6384,3.2768,6.5536,13.1072,26.2144"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smokeping.extraFlagsExtra commandline options to pass to the smokeping exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smokeping.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.smokeping.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9374"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smokeping.groupGroup under which the smokeping exporter shall be run.
Type: string
Default: "smokeping-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smokeping.hostsList of endpoints to probe.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smokeping.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smokeping.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smokeping.pingIntervalInterval between pings.
Type: Go duration (https://golang.org/pkg/time/#ParseDuration)
Default: "1s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smokeping.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9374
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smokeping.telemetryPathPath under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.smokeping.userUser name under which the smokeping exporter shall be run.
Type: string
Default: "smokeping-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.enableWhether to enable the prometheus snmp exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.configurationSnmp exporter configuration as nix attribute set. Mutually exclusive with 'configurationPath' option.
Type: null or (attribute set)
Default: null
Example:
{
default = {
auth = {
community = "public";
};
version = 2;
};
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.configurationPathPath to a snmp exporter configuration file. Mutually exclusive with 'configuration' option.
Type: null or path
Default: null
Example: ./snmp.yml
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.extraFlagsExtra commandline options to pass to the snmp exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.snmp.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9116"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.groupGroup under which the snmp exporter shall be run.
Type: string
Default: "snmp-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.logFormatOutput format of log messages.
Type: one of "logfmt", "json"
Default: "logfmt"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.logLevelOnly log messages with the given severity or above.
Type: one of "debug", "info", "warn", "error"
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9116
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.snmp.userUser name under which the snmp exporter shall be run.
Type: string
Default: "snmp-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.enableWhether to enable the prometheus sql exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.configFilePath to configuration file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.configurationExporter configuration as nix attribute set. Mutually exclusive with 'configFile' option.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.configuration.jobsAn attrset of metrics scraping jobs to run.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.configuration.jobs.<name>.connectionsA list of connection strings of the SQL servers to scrape metrics from
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.configuration.jobs.<name>.intervalHow often to run this job, specified in Go duration format.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.configuration.jobs.<name>.queriesSQL queries to run.
Type: attribute set of (submodule)
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.helpA human-readable description of this metric.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.labelsA set of columns that will be used as Prometheus labels.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.queryThe SQL query to run.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.configuration.jobs.<name>.queries.<name>.valuesA set of columns that will be used as values of this metric.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.configuration.jobs.<name>.startupSqlA list of SQL statements to execute once after making a connection.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.extraFlagsExtra commandline options to pass to the sql exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.sql.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9237"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.groupGroup under which the sql exporter shall be run.
Type: string
Default: "sql-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9237
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.sql.userUser name under which the sql exporter shall be run.
Type: string
Default: "sql-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.enableWhether to enable the prometheus surfboard exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.extraFlagsExtra commandline options to pass to the surfboard exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.surfboard.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9239"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.groupGroup under which the surfboard exporter shall be run.
Type: string
Default: "surfboard-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.modemAddressThe hostname or IP of the cable modem.
Type: string
Default: "192.168.100.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9239
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.surfboard.userUser name under which the surfboard exporter shall be run.
Type: string
Default: "surfboard-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.systemd.enableWhether to enable the prometheus systemd exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.systemd.extraFlagsExtra commandline options to pass to the systemd exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.systemd.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.systemd.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9558"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.systemd.groupGroup under which the systemd exporter shall be run.
Type: string
Default: "systemd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.systemd.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.systemd.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.systemd.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9558
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.systemd.userUser name under which the systemd exporter shall be run.
Type: string
Default: "systemd-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.tor.enableWhether to enable the prometheus tor exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.tor.extraFlagsExtra commandline options to pass to the tor exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.tor.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.tor.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9130"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.tor.groupGroup under which the tor exporter shall be run.
Type: string
Default: "tor-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.tor.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.tor.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.tor.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9130
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.tor.torControlAddressTor control IP address or hostname.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.tor.torControlPortTor control port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9051
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.tor.userUser name under which the tor exporter shall be run.
Type: string
Default: "tor-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unbound.enableWhether to enable the prometheus unbound exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unbound.controlInterfacePath to the unbound socket for uds mode or the control interface port for tcp mode.
Example: uds-mode: /run/unbound/unbound.socket tcp-mode: 127.0.0.1:8953
Type: null or string
Default: null
Example: "/run/unbound/unbound.socket"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unbound.extraFlagsExtra commandline options to pass to the unbound exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unbound.fetchTypeWhich methods the exporter uses to get the information from unbound.
Type: one of "tcp", "uds"
Default: "uds"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unbound.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.unbound.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9167"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unbound.groupGroup under which the unbound exporter shall be run.
Type: string
Default: "unbound-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unbound.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unbound.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unbound.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9167
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unbound.telemetryPathPath under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unbound.userUser name under which the unbound exporter shall be run.
Type: string
Default: "unbound-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.enableWhether to enable the prometheus unifi exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.extraFlagsExtra commandline options to pass to the unifi exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.unifi.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9130"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.groupGroup under which the unifi exporter shall be run.
Type: string
Default: "unifi-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9130
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.unifiAddressURL of the UniFi Controller API.
Type: string
Example: "https://10.0.0.1:8443"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.unifiInsecureIf enabled skip the verification of the TLS certificate of the UniFi Controller API. Use with caution.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.unifiPasswordPassword for authentication against UniFi Controller API.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.unifiTimeoutTimeout including unit for UniFi Controller API requests.
Type: string
Default: "5s"
Example: "2m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.unifiUsernameusername for authentication against UniFi Controller API.
Type: string
Example: "ReadOnlyUser"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unifi.userUser name under which the unifi exporter shall be run.
Type: string
Default: "unifi-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.enableWhether to enable the prometheus unpoller exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.controllersList of Unifi controllers to poll. Use defaults if empty.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.controllers.*.hash_piiHash, with md5, client names and MAC addresses. This attempts to protect personally identifiable information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.prometheus.exporters.unpoller.controllers.*.passPath of a file containing the password for the unifi service user. This file needs to be readable by the unifi-poller user.
Type: path
Default: unpoller-unifi-default.password
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.prometheus.exporters.unpoller.controllers.*.save_alarmsCollect and save data from UniFi alarms to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.prometheus.exporters.unpoller.controllers.*.save_anomaliesCollect and save data from UniFi anomalies to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.prometheus.exporters.unpoller.controllers.*.save_dpiCollect and save data from deep packet inspection. Adds around 150 data points and impacts performance.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.prometheus.exporters.unpoller.controllers.*.save_eventsCollect and save data from UniFi events to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.prometheus.exporters.unpoller.controllers.*.save_idsCollect and save data from the intrusion detection system to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.prometheus.exporters.unpoller.controllers.*.save_sitesCollect and save site data.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.prometheus.exporters.unpoller.controllers.*.sitesList of site names for which statistics should be exported. Or the string "default" for the default site or the string "all" for all sites.
Type: one of "default", "all" or list of string
Default: "all"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.prometheus.exporters.unpoller.controllers.*.urlURL of the Unifi controller.
Type: string
Default: "https://unifi:8443"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.prometheus.exporters.unpoller.controllers.*.userUnifi service user name.
Type: string
Default: "unifi"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.prometheus.exporters.unpoller.controllers.*.verify_sslVerify the Unifi controller's certificate.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.prometheus.exporters.unpoller.extraFlagsExtra commandline options to pass to the unpoller exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.unpoller.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9130"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.groupGroup under which the unpoller exporter shall be run.
Type: string
Default: "unpoller-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.log.debugWhether to enable debug logging including line numbers, high resolution timestamps, per-device logs..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.log.prometheusErrorsWhether to enable emitting errors to prometheus..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.log.quietWhether to enable startup and error logs only..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.loki.intervalHow often the events are polled and pushed to Loki.
Type: string
Default: "2m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.loki.passPath of a file containing the password for Loki. This file needs to be readable by the unifi-poller user.
Type: path
Default: "unpoller-influxdb-default.password"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.loki.tenant_idTenant ID to use in Loki.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.loki.timeoutShould be increased in case of timeout errors.
Type: string
Default: "10s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.loki.urlURL of the Loki host.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.loki.userUsername for Loki.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.loki.verify_sslVerify Loki's certificate.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9130
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.unpoller.userUser name under which the unpoller exporter shall be run.
Type: string
Default: "unpoller-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.v2ray.enableWhether to enable the prometheus v2ray exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.v2ray.extraFlagsExtra commandline options to pass to the v2ray exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.v2ray.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.v2ray.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9299"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.v2ray.groupGroup under which the v2ray exporter shall be run.
Type: string
Default: "v2ray-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.v2ray.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.v2ray.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.v2ray.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9299
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.v2ray.userUser name under which the v2ray exporter shall be run.
Type: string
Default: "v2ray-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.v2ray.v2rayEndpointv2ray grpc api endpoint
Type: string
Default: "127.0.0.1:54321"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.enableWhether to enable the prometheus varnish exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.extraFlagsExtra commandline options to pass to the varnish exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.varnish.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9131"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.groupGroup under which the varnish exporter shall be run.
Type: string
Default: "varnish-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.healthPathPath under which to expose healthcheck. Disabled unless configured.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.instancevarnishstat -n value.
Type: null or string
Default: config.services.varnish.stateDir
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.noExitDo not exit server on Varnish scrape errors.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9131
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.rawEnable raw stdout logging without timestamps.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.telemetryPathPath under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.userUser name under which the varnish exporter shall be run.
Type: string
Default: "varnish-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.varnishStatPathPath to varnishstat.
Type: string
Default: "varnishstat"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.verboseEnable verbose logging.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.varnish.withGoMetricsExport go runtime and http handler metrics.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.wireguard.enableWhether to enable the prometheus wireguard exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.wireguard.extraFlagsExtra commandline options to pass to the wireguard exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.wireguard.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.wireguard.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9586"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.wireguard.groupGroup under which the wireguard exporter shall be run.
Type: string
Default: "wireguard-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.wireguard.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.wireguard.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.wireguard.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9586
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.wireguard.singleSubnetPerFieldBy default, all allowed IPs and subnets are comma-separated in the
allowed_ips field. With this option enabled,
a single IP and subnet will be listed in fields like allowed_ip_0,
allowed_ip_1 and so on.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.wireguard.userUser name under which the wireguard exporter shall be run.
Type: string
Default: "wireguard-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.wireguard.verboseWhether to enable Verbose logging mode for prometheus-wireguard-exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.wireguard.wireguardConfigPath to the Wireguard Config to add the peer's name to the stats of a peer.
Please note that networking.wg-quick is required for this feature
as networking.wireguard uses
wg(8)
to set the peers up.
Type: null or path or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.wireguard.withRemoteIpWhether or not the remote IP of a WireGuard peer should be exposed via prometheus.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.zfs.enableWhether to enable the prometheus zfs exporter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.zfs.extraFlagsExtra commandline options to pass to the zfs exporter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.zfs.firewallFilterSpecify a filter for iptables to use when
services.prometheus.exporters.zfs.openFirewall
is true. It is used as ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept.
Type: null or string
Default: null
Example:
"-i eth0 -p tcp -m tcp --dport 9134"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.zfs.groupGroup under which the zfs exporter shall be run.
Type: string
Default: "zfs-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.zfs.listenAddressAddress to listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.zfs.openFirewallOpen port in firewall for incoming connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.zfs.poolsName of the pool(s) to collect, repeat for multiple pools (default: all pools).
Type: null or (list of string)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.zfs.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9134
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.zfs.telemetryPathPath under which to expose metrics.
Type: string
Default: "/metrics"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.exporters.zfs.userUser name under which the zfs exporter shall be run.
Type: string
Default: "zfs-exporter"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix>
|
services.prometheus.extraFlagsExtra commandline options when launching Prometheus.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.globalConfigParameters that are valid in all configuration contexts. They also serve as defaults for other configuration sections
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.globalConfig.evaluation_intervalHow frequently to evaluate rules by default.
Defaults to 1m in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.globalConfig.external_labelsThe labels to add to any time series or alerts when communicating with external systems (federation, remote storage, Alertmanager).
Type: null or (attribute set of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.globalConfig.scrape_intervalHow frequently to scrape targets by default.
Defaults to 1m in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.globalConfig.scrape_timeoutHow long until a scrape request times out.
Defaults to 10s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.listenAddressAddress to listen on for the web interface, API, and telemetry.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.portPort to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9090
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.pushgateway.enableWhether to enable Prometheus Pushgateway.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
|
services.prometheus.pushgateway.packagePackage that should be used for the prometheus pushgateway.
Type: package
Default: pkgs.prometheus-pushgateway
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
|
services.prometheus.pushgateway.extraFlagsExtra commandline options when launching the Pushgateway.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
|
services.prometheus.pushgateway.log.formatSet the log target and format.
null will default to logger:stderr.
Type: null or string
Default: null
Example: "logger:syslog?appname=bob&local=7"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
|
services.prometheus.pushgateway.log.levelOnly log messages with the given severity or above.
null will default to info.
Type: null or one of "debug", "info", "warn", "error", "fatal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
|
services.prometheus.pushgateway.persistMetricsWhether to persist metrics to a file.
When enabled metrics will be saved to a file called
metrics in the directory
/var/lib/pushgateway. The directory below
/var/lib can be set using
services.prometheus.pushgateway.stateDir.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
|
services.prometheus.pushgateway.persistence.intervalThe minimum interval at which to write out the persistence file.
null will default to 5m.
Type: null or string
Default: null
Example: "10m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
|
services.prometheus.pushgateway.stateDirDirectory below /var/lib to store metrics.
This directory will be created automatically using systemd's
StateDirectory mechanism when
services.prometheus.pushgateway.persistMetrics
is enabled.
Type: string
Default: "pushgateway"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
|
services.prometheus.pushgateway.web.external-urlThe URL under which Pushgateway is externally reachable.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
|
services.prometheus.pushgateway.web.listen-addressAddress to listen on for the web interface, API and telemetry.
null will default to :9091.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
|
services.prometheus.pushgateway.web.route-prefixPrefix for the internal routes of web endpoints.
Defaults to the path of
services.prometheus.pushgateway.web.external-url.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
|
services.prometheus.pushgateway.web.telemetry-pathPath under which to expose metrics.
null will default to /metrics.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/pushgateway.nix>
|
services.prometheus.remoteReadParameters of the endpoints to query from. See the official documentation for more information.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.basic_authSets the Authorization header on every remote read request with the
configured username and password.
password and password_file are mutually exclusive.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.basic_auth.passwordHTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.basic_auth.password_fileHTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.basic_auth.usernameHTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.bearer_tokenSets the Authorization header on every remote read request with
the configured bearer token. It is mutually exclusive with bearer_token_file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.bearer_token_fileSets the Authorization header on every remote read request with the bearer token
read from the configured file. It is mutually exclusive with bearer_token.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.nameName of the remote read config, which if specified must be unique among remote read configs. The name will be used in metrics and logging in place of a generated value to help users distinguish between remote read configs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.proxy_urlOptional Proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.read_recentWhether reads should be made for queries for time ranges that the local storage should have complete data for.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.remote_timeoutTimeout for requests to the remote read endpoint.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.required_matchersAn optional list of equality matchers which have to be present in a selector to query the remote read endpoint.
Type: null or (attribute set of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.tls_configConfigures the remote read request's TLS settings.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteRead.*.urlServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWriteParameters of the endpoints to send samples to. See the official documentation for more information.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.basic_authSets the Authorization header on every remote write request with the
configured username and password.
password and password_file are mutually exclusive.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.basic_auth.passwordHTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.basic_auth.password_fileHTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.basic_auth.usernameHTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.bearer_tokenSets the Authorization header on every remote write request with
the configured bearer token. It is mutually exclusive with bearer_token_file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.bearer_token_fileSets the Authorization header on every remote write request with the bearer token
read from the configured file. It is mutually exclusive with bearer_token.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.metadata_configConfigures the sending of series metadata to remote storage. Metadata configuration is subject to change at any point or be removed in future releases.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.metadata_config.sendWhether metric metadata is sent to remote storage or not.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.metadata_config.send_intervalHow frequently metric metadata is sent to remote storage.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.nameName of the remote write config, which if specified must be unique among remote write configs. The name will be used in metrics and logging in place of a generated value to help users distinguish between remote write configs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.proxy_urlOptional Proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.queue_configConfigures the queue used to write to remote storage.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.queue_config.batch_send_deadlineMaximum time a sample will wait in buffer.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.queue_config.capacityNumber of samples to buffer per shard before we block reading of more samples from the WAL. It is recommended to have enough capacity in each shard to buffer several requests to keep throughput up while processing occasional slow remote requests.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.queue_config.max_backoffMaximum retry delay.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.queue_config.max_samples_per_sendMaximum number of samples per send.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.queue_config.max_shardsMaximum number of shards, i.e. amount of concurrency.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.queue_config.min_backoffInitial retry delay. Gets doubled for every retry.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.queue_config.min_shardsMinimum number of shards, i.e. amount of concurrency.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.remote_timeoutTimeout for requests to the remote write endpoint.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.tls_configConfigures the remote write request's TLS settings.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.urlServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.write_relabel_configsList of remote write relabel configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.write_relabel_configs.*.actionAction to perform based on regex matching.
Defaults to replace in prometheus
when set to null.
Type: null or one of "replace", "keep", "drop", "hashmod", "labelmap", "labeldrop", "labelkeep"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.write_relabel_configs.*.modulusModulus to take of the hash of the source label values.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.write_relabel_configs.*.regexRegular expression against which the extracted value is matched.
Defaults to (.*) in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.write_relabel_configs.*.replacementReplacement value against which a regex replace is performed if the regular expression matches.
Defaults to $1 in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.write_relabel_configs.*.separatorSeparator placed between concatenated source label values.
Defaults to ; in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.write_relabel_configs.*.source_labelsThe source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.remoteWrite.*.write_relabel_configs.*.target_labelLabel to which the resulting value is written in a replace action. It is mandatory for replace actions.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.retentionTimeHow long to retain samples in storage.
Type: null or string
Default: null
Example: "15d"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.ruleFilesAny additional rules files to include in this configuration.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.rulesAlerting and/or Recording rules to evaluate at runtime.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.sachet.enableWhether to enable Sachet, an SMS alerting tool for the Prometheus Alertmanager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/sachet.nix>
|
services.prometheus.sachet.addressThe address Sachet will listen to.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/sachet.nix>
|
services.prometheus.sachet.configurationSachet's configuration as a nix attribute set.
Type: null or (attribute set)
Default: null
Example:
{
providers = {
twilio = {
# environment variables gets expanded at runtime
account_sid = "$TWILIO_ACCOUNT";
auth_token = "$TWILIO_TOKEN";
};
};
templates = [ ./some-template.tmpl ];
receivers = [{
name = "pager";
provider = "twilio";
to = [ "+33123456789" ];
text = "{{ template \"message\" . }}";
}];
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/sachet.nix>
|
services.prometheus.sachet.portThe port Sachet will listen to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9876
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/sachet.nix>
|
services.prometheus.scrapeConfigsA list of scrape configurations.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.authorizationSets the Authorization header on every scrape request with the configured credentials.
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.azure_sd_configsList of Azure service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.azure_sd_configs.*.authentication_methodThe authentication method, either OAuth or ManagedIdentity. See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
Defaults to OAuth in prometheus
when set to null.
Type: null or one of "OAuth", "ManagedIdentity"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.azure_sd_configs.*.client_idOptional client ID. Only required with authentication_method OAuth.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.azure_sd_configs.*.client_secretOptional client secret. Only required with authentication_method OAuth.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.azure_sd_configs.*.environmentThe Azure environment.
Defaults to AzurePublicCloud in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.azure_sd_configs.*.follow_redirectsConfigure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.azure_sd_configs.*.portThe port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.
Defaults to 80 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.azure_sd_configs.*.proxy_urlOptional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.azure_sd_configs.*.refresh_intervalRefresh interval to re-read the instance list.
Defaults to 300s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.azure_sd_configs.*.subscription_idThe subscription ID.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tenant_idOptional tenant ID. Only required with authentication_method OAuth.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_configTLS configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.azure_sd_configs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.basic_authSets the Authorization header on every scrape request with the
configured username and password.
password and password_file are mutually exclusive.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.basic_auth.passwordHTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.basic_auth.password_fileHTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.basic_auth.usernameHTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.bearer_tokenSets the Authorization header on every scrape request with
the configured bearer token. It is mutually exclusive with
bearer_token_file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.bearer_token_fileSets the Authorization header on every scrape request with
the bearer token read from the configured file. It is mutually
exclusive with bearer_token.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.body_size_limitAn uncompressed response body larger than this many bytes will cause the scrape to fail. 0 means no limit. Example: 100MB. This is an experimental feature, this behaviour could change or be removed in the future.
Defaults to 0 in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configsList of Consul service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.allow_staleAllow stale Consul results (see https://www.consul.io/api/index.html#consistency-modes).
Will reduce load on Consul.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.authorizationOptional Authorization header configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.authorization.credentialsSets the credentials. It is mutually exclusive with credentials_file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.authorization.credentials_fileSets the credentials to the credentials read from the configured file.
It is mutually exclusive with credentials.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.authorization.typeSets the authentication type.
Defaults to Bearer in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_authOptional HTTP basic authentication information.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_auth.passwordHTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_auth.password_fileHTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.basic_auth.usernameHTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.datacenterConsul datacenter
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.follow_redirectsConfigure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.node_metaNode metadata used to filter nodes for a given service.
Type: null or (attribute set of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.client_idOAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.client_secretOAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.client_secret_fileRead the client secret from a file. It is mutually exclusive with client_secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.endpoint_paramsOptional parameters to append to the token URL.
Type: null or (attribute set of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.scopesScopes for the token request.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.oauth2.token_urlThe URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.passwordConsul password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.proxy_urlOptional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.refresh_intervalThe time after which the provided names are refreshed.
On large setup it might be a good idea to increase this value because the catalog will change all the time.
Defaults to 30s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.schemeConsul scheme
Defaults to http in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.serverConsul server to query.
Defaults to localhost:8500 in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.servicesA list of services for which targets are retrieved.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tag_separatorThe string by which Consul tags are joined into the tag label.
Defaults to , in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tagsAn optional list of tags used to filter nodes for a given service. Services must contain all tags in the list.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_configConfigures the Consul request's TLS settings.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.tokenConsul token
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.consul_sd_configs.*.usernameConsul username
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configsList of DigitalOcean service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.authorizationOptional Authorization header configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.authorization.credentialsSets the credentials. It is mutually exclusive with credentials_file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.authorization.credentials_fileSets the credentials to the credentials read from the configured file.
It is mutually exclusive with credentials.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.authorization.typeSets the authentication type.
Defaults to Bearer in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.basic_authOptional HTTP basic authentication information.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.basic_auth.passwordHTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.basic_auth.password_fileHTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.basic_auth.usernameHTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.follow_redirectsConfigure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.client_idOAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.client_secretOAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.client_secret_fileRead the client secret from a file. It is mutually exclusive with client_secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.endpoint_paramsOptional parameters to append to the token URL.
Type: null or (attribute set of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.scopesScopes for the token request.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.oauth2.token_urlThe URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.portThe port to scrape metrics from.
Defaults to 80 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.proxy_urlOptional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.refresh_intervalThe time after which the droplets are refreshed.
Defaults to 60s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_configTLS configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.digitalocean_sd_configs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dns_sd_configsList of DNS service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dns_sd_configs.*.namesA list of DNS SRV record names to be queried.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dns_sd_configs.*.portThe port number used if the query type is not SRV.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dns_sd_configs.*.refresh_intervalThe time after which the provided names are refreshed.
Defaults to 30s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dns_sd_configs.*.typeThe type of DNS query to perform. One of SRV, A, or AAAA.
Defaults to SRV in prometheus
when set to null.
Type: null or one of "SRV", "A", "AAAA"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configsList of Docker service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.authorizationOptional Authorization header configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.authorization.credentialsSets the credentials. It is mutually exclusive with credentials_file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.authorization.credentials_fileSets the credentials to the credentials read from the configured file.
It is mutually exclusive with credentials.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.authorization.typeSets the authentication type.
Defaults to Bearer in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.basic_authOptional HTTP basic authentication information.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.basic_auth.passwordHTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.basic_auth.password_fileHTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.basic_auth.usernameHTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.filtersOptional filters to limit the discovery process to a subset of available resources.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.filters.*.nameName of the filter. The available filters are listed in the upstream documentation: Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.filters.*.valuesValue for the filter.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.follow_redirectsConfigure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.hostAddress of the Docker daemon.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.host_networking_hostThe host to use if the container is in host networking mode.
Defaults to localhost in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.client_idOAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.client_secretOAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.client_secret_fileRead the client secret from a file. It is mutually exclusive with client_secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.endpoint_paramsOptional parameters to append to the token URL.
Type: null or (attribute set of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.scopesScopes for the token request.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.oauth2.token_urlThe URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.portThe port to scrape metrics from, when role is nodes, and for discovered
tasks and services that don't have published ports.
Defaults to 80 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.proxy_urlOptional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.refresh_intervalThe time after which the containers are refreshed.
Defaults to 60s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_configTLS configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.docker_sd_configs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configsList of Docker Swarm service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.authorizationOptional Authorization header configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.authorization.credentialsSets the credentials. It is mutually exclusive with credentials_file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.authorization.credentials_fileSets the credentials to the credentials read from the configured file.
It is mutually exclusive with credentials.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.authorization.typeSets the authentication type.
Defaults to Bearer in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_authOptional HTTP basic authentication information.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_auth.passwordHTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_auth.password_fileHTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.basic_auth.usernameHTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.filtersOptional filters to limit the discovery process to a subset of available resources.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.filters.*.nameName of the filter. The available filters are listed in the upstream documentation: Services: https://docs.docker.com/engine/api/v1.40/#operation/ServiceList Tasks: https://docs.docker.com/engine/api/v1.40/#operation/TaskList Nodes: https://docs.docker.com/engine/api/v1.40/#operation/NodeList
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.filters.*.valuesValue for the filter.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.follow_redirectsConfigure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.hostAddress of the Docker daemon.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.client_idOAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.client_secretOAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.client_secret_fileRead the client secret from a file. It is mutually exclusive with client_secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.endpoint_paramsOptional parameters to append to the token URL.
Type: null or (attribute set of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.scopesScopes for the token request.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.oauth2.token_urlThe URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.portThe port to scrape metrics from, when role is nodes, and for discovered
tasks and services that don't have published ports.
Defaults to 80 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.proxy_urlOptional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.refresh_intervalThe time after which the containers are refreshed.
Defaults to 60s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.roleRole of the targets to retrieve. Must be services, tasks, or nodes.
Type: one of "services", "tasks", "nodes"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_configTLS configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.dockerswarm_sd_configs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.ec2_sd_configsList of EC2 service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.access_keyThe AWS API key id. If blank, the environment variable
AWS_ACCESS_KEY_ID is used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.endpointCustom endpoint to be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filtersFilters can be used optionally to filter the instance list by other criteria.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters.*.nameSee this list for the available filters.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.filters.*.valuesValue of the filter.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.portThe port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.
Defaults to 80 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.profileNamed AWS profile used to connect to the API.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.refresh_intervalRefresh interval to re-read the instance list.
Defaults to 60s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.regionThe AWS Region. If blank, the region from the instance metadata is used.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.role_arnAWS Role ARN, an alternative to using AWS API keys.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.ec2_sd_configs.*.secret_keyThe AWS API key secret. If blank, the environment variable
AWS_SECRET_ACCESS_KEY is used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configsList of Eureka service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.authorizationOptional Authorization header configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.authorization.credentialsSets the credentials. It is mutually exclusive with credentials_file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.authorization.credentials_fileSets the credentials to the credentials read from the configured file.
It is mutually exclusive with credentials.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.authorization.typeSets the authentication type.
Defaults to Bearer in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.basic_authOptional HTTP basic authentication information.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.basic_auth.passwordHTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.basic_auth.password_fileHTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.basic_auth.usernameHTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.follow_redirectsConfigure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.client_idOAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.client_secretOAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.client_secret_fileRead the client secret from a file. It is mutually exclusive with client_secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.endpoint_paramsOptional parameters to append to the token URL.
Type: null or (attribute set of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.scopesScopes for the token request.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.oauth2.token_urlThe URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.proxy_urlOptional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.serverThe URL to connect to the Eureka server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_configTLS configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.eureka_sd_configs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.file_sd_configsList of file service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.file_sd_configs.*.filesPatterns for files from which target groups are extracted. Refer to the Prometheus documentation for permitted filename patterns and formats.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.file_sd_configs.*.refresh_intervalRefresh interval to re-read the files.
Defaults to 5m in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.gce_sd_configsList of Google Compute Engine service discovery configurations.
See the relevant Prometheus configuration docs for more detail.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.gce_sd_configs.*.filterFilter can be used optionally to filter the instance list by other criteria Syntax of this filter string is described here in the filter query parameter section: https://cloud.google.com/compute/docs/reference/latest/instances/list.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.gce_sd_configs.*.portThe port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.
Defaults to 80 in prometheus
when set to null.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.gce_sd_configs.*.projectThe GCP Project.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.gce_sd_configs.*.refresh_intervalRefresh interval to re-read the cloud instance list.
Defaults to 60s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.gce_sd_configs.*.tag_separatorThe tag separator used to separate concatenated GCE instance network tags.
See the GCP documentation on network tags for more information: https://cloud.google.com/vpc/docs/add-remove-network-tags
Defaults to , in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.gce_sd_configs.*.zoneThe zone of the scrape targets. If you need multiple zones use multiple gce_sd_configs.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configsList of Hetzner service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.authorizationOptional Authorization header configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.authorization.credentialsSets the credentials. It is mutually exclusive with credentials_file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.authorization.credentials_fileSets the credentials to the credentials read from the configured file.
It is mutually exclusive with credentials.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.authorization.typeSets the authentication type.
Defaults to Bearer in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_authOptional HTTP basic authentication information.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_auth.passwordHTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_auth.password_fileHTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.basic_auth.usernameHTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.follow_redirectsConfigure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.client_idOAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.client_secretOAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.client_secret_fileRead the client secret from a file. It is mutually exclusive with client_secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.endpoint_paramsOptional parameters to append to the token URL.
Type: null or (attribute set of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.scopesScopes for the token request.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.oauth2.token_urlThe URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.portThe port to scrape metrics from.
Defaults to 80 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.proxy_urlOptional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.refresh_intervalThe time after which the servers are refreshed.
Defaults to 60s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.roleThe Hetzner role of entities that should be discovered.
One of robot or hcloud.
Type: one of "robot", "hcloud"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_configTLS configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.hetzner_sd_configs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.honor_labelsControls how Prometheus handles conflicts between labels that are already present in scraped data and labels that Prometheus would attach server-side ("job" and "instance" labels, manually configured target labels, and labels generated by service discovery implementations).
If honor_labels is set to "true", label conflicts are resolved by keeping label values from the scraped data and ignoring the conflicting server-side labels.
If honor_labels is set to "false", label conflicts are resolved by renaming conflicting labels in the scraped data to "exported_<original-label>" (for example "exported_instance", "exported_job") and then attaching server-side labels. This is useful for use cases such as federation, where all labels specified in the target should be preserved.
Defaults to false in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.honor_timestampshonor_timestamps controls whether Prometheus respects the timestamps present in scraped data.
If honor_timestamps is set to true, the timestamps of the metrics exposed
by the target will be used.
If honor_timestamps is set to false, the timestamps of the metrics exposed
by the target will be ignored.
Defaults to true in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.http_sd_configsList of HTTP service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_authAuthentication information used to authenticate to the API server. password and password_file are mutually exclusive.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_auth.passwordHTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_auth.password_fileHTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.http_sd_configs.*.basic_auth.usernameHTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.http_sd_configs.*.follow_redirectsConfigure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.http_sd_configs.*.proxy_urlOptional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.http_sd_configs.*.refresh_intervalRefresh interval to re-query the endpoint.
Defaults to 60s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_configConfigures the scrape request's TLS settings.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.http_sd_configs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.http_sd_configs.*.urlURL from which the targets are fetched.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.job_nameThe job name assigned to scraped metrics by default.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configsList of Kubernetes service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.api_serverThe API server addresses. If left empty, Prometheus is assumed to run inside of the cluster and will discover API servers automatically and use the pod's CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.authorizationOptional Authorization header configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.authorization.credentialsSets the credentials. It is mutually exclusive with credentials_file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.authorization.credentials_fileSets the credentials to the credentials read from the configured file.
It is mutually exclusive with credentials.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.authorization.typeSets the authentication type.
Defaults to Bearer in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_authOptional HTTP basic authentication information.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth.passwordHTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth.password_fileHTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.basic_auth.usernameHTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.follow_redirectsConfigure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.kubeconfig_fileOptional path to a kubeconfig file. Note that api_server and kube_config are mutually exclusive.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespacesOptional namespace discovery. If omitted, all namespaces are used.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.namespaces.namesNamespace name.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.client_idOAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.client_secretOAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.client_secret_fileRead the client secret from a file. It is mutually exclusive with client_secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.endpoint_paramsOptional parameters to append to the token URL.
Type: null or (attribute set of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.scopesScopes for the token request.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.oauth2.token_urlThe URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.proxy_urlOptional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.roleThe Kubernetes role of entities that should be discovered. One of endpoints, service, pod, node, or ingress.
Type: one of "endpoints", "service", "pod", "node", "ingress"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.selectorsOptional label and field selectors to limit the discovery process to a subset of available resources. See https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors/ and https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ to learn more about the possible filters that can be used. Endpoints role supports pod, service and endpoints selectors, other roles only support selectors matching the role itself (e.g. node role can only contain node selectors).
Note: When making decision about using field/label selector make sure that this is the best approach - it will prevent Prometheus from reusing single list/watch for all scrape configs. This might result in a bigger load on the Kubernetes API, because per each selector combination there will be additional LIST/WATCH. On the other hand, if you just want to monitor small subset of pods in large cluster it's recommended to use selectors. Decision, if selectors should be used or not depends on the particular situation.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.selectors.*.fieldSelector field
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.selectors.*.labelSelector label
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.selectors.*.roleSelector role
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_configTLS configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kubernetes_sd_configs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configsList of Kuma service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.authorizationOptional Authorization header configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.authorization.credentialsSets the credentials. It is mutually exclusive with credentials_file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.authorization.credentials_fileSets the credentials to the credentials read from the configured file.
It is mutually exclusive with credentials.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.authorization.typeSets the authentication type.
Defaults to Bearer in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.basic_authOptional HTTP basic authentication information.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.basic_auth.passwordHTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.basic_auth.password_fileHTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.basic_auth.usernameHTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.fetch_timeoutThe time after which the monitoring assignments are refreshed.
Defaults to 2m in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.follow_redirectsConfigure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.client_idOAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.client_secretOAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.client_secret_fileRead the client secret from a file. It is mutually exclusive with client_secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.endpoint_paramsOptional parameters to append to the token URL.
Type: null or (attribute set of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.scopesScopes for the token request.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.oauth2.token_urlThe URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.proxy_urlOptional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.refresh_intervalThe time to wait between polling update requests.
Defaults to 30s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.serverAddress of the Kuma Control Plane's MADS xDS server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_configTLS configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.kuma_sd_configs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.label_limitPer-scrape limit on number of labels that will be accepted for a sample. If more than this number of labels are present post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit.
Defaults to 0 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.label_name_length_limitPer-scrape limit on length of labels name that will be accepted for a sample. If a label name is longer than this number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit.
Defaults to 0 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.label_value_length_limitPer-scrape limit on length of labels value that will be accepted for a sample. If a label value is longer than this number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit.
Defaults to 0 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.lightsail_sd_configsList of Lightsail service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.access_keyThe AWS API keys. If blank, the environment variable AWS_ACCESS_KEY_ID is used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.endpointCustom endpoint to be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.portThe port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.
Defaults to 80 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.profileNamed AWS profile used to connect to the API.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.refresh_intervalRefresh interval to re-read the instance list.
Defaults to 60s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.regionThe AWS region. If blank, the region from the instance metadata is used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.role_arnAWS Role ARN, an alternative to using AWS API keys.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.lightsail_sd_configs.*.secret_keyThe AWS API keys. If blank, the environment variable AWS_SECRET_ACCESS_KEY is used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configsList of Linode service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.authorizationOptional Authorization header configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.authorization.credentialsSets the credentials. It is mutually exclusive with credentials_file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.authorization.credentials_fileSets the credentials to the credentials read from the configured file.
It is mutually exclusive with credentials.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.authorization.typeSets the authentication type.
Defaults to Bearer in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.basic_authOptional HTTP basic authentication information.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.basic_auth.passwordHTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.basic_auth.password_fileHTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.basic_auth.usernameHTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.follow_redirectsConfigure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.client_idOAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.client_secretOAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.client_secret_fileRead the client secret from a file. It is mutually exclusive with client_secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.endpoint_paramsOptional parameters to append to the token URL.
Type: null or (attribute set of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.scopesScopes for the token request.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.oauth2.token_urlThe URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.portThe port to scrape metrics from.
Defaults to 80 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.proxy_urlOptional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.refresh_intervalThe time after which the linode instances are refreshed.
Defaults to 60s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tag_separatorThe string by which Linode Instance tags are joined into the tag label.
Defaults to , in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_configTLS configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.linode_sd_configs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configsList of Marathon service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.auth_tokenOptional authentication information for token-based authentication:
https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token
It is mutually exclusive with auth_token_file and other authentication mechanisms.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.auth_token_fileOptional authentication information for token-based authentication:
https://docs.mesosphere.com/1.11/security/ent/iam-api/#passing-an-authentication-token
It is mutually exclusive with auth_token and other authentication mechanisms.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.authorizationOptional Authorization header configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.authorization.credentialsSets the credentials. It is mutually exclusive with credentials_file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.authorization.credentials_fileSets the credentials to the credentials read from the configured file.
It is mutually exclusive with credentials.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.authorization.typeSets the authentication type.
Defaults to Bearer in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_authOptional HTTP basic authentication information.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth.passwordHTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth.password_fileHTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.basic_auth.usernameHTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.follow_redirectsConfigure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.client_idOAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.client_secretOAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.client_secret_fileRead the client secret from a file. It is mutually exclusive with client_secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.endpoint_paramsOptional parameters to append to the token URL.
Type: null or (attribute set of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.scopesScopes for the token request.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.oauth2.token_urlThe URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.proxy_urlOptional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.refresh_intervalPolling interval.
Defaults to 30s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.serversList of URLs to be used to contact Marathon servers. You need to provide at least one server URL.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_configTLS configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.marathon_sd_configs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.metric_relabel_configsList of metric relabel configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.actionAction to perform based on regex matching.
Defaults to replace in prometheus
when set to null.
Type: null or one of "replace", "keep", "drop", "hashmod", "labelmap", "labeldrop", "labelkeep"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.modulusModulus to take of the hash of the source label values.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.regexRegular expression against which the extracted value is matched.
Defaults to (.*) in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.replacementReplacement value against which a regex replace is performed if the regular expression matches.
Defaults to $1 in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.separatorSeparator placed between concatenated source label values.
Defaults to ; in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.source_labelsThe source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.metric_relabel_configs.*.target_labelLabel to which the resulting value is written in a replace action. It is mandatory for replace actions.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.metrics_pathThe HTTP resource path on which to fetch metrics from targets.
Defaults to /metrics in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.nerve_sd_configsList of AirBnB's Nerve service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.nerve_sd_configs.*.pathsPaths can point to a single service, or the root of a tree of services.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.nerve_sd_configs.*.serversThe Zookeeper servers.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.nerve_sd_configs.*.timeoutTimeout value.
Defaults to 10s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configsList of OpenStack service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.all_tenantsWhether the service discovery should list all instances for all projects. It is only relevant for the 'instance' role and usually requires admin permissions.
Defaults to false in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_idThe application_credential_id or application_credential_name fields are required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_nameThe application_credential_id or application_credential_name fields are required if using an application credential to authenticate. Some providers allow you to create an application credential to authenticate rather than a password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.application_credential_secretThe application_credential_secret field is required if using an application credential to authenticate.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.availabilityThe availability of the endpoint to connect to. Must be one of public, admin or internal.
Defaults to public in prometheus
when set to null.
Type: null or one of "public", "admin", "internal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.domain_idAt most one of domain_id and domain_name must be provided if using username with Identity V3. Otherwise, either are optional.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.domain_nameAt most one of domain_id and domain_name must be provided if using username with Identity V3. Otherwise, either are optional.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.identity_endpointidentity_endpoint specifies the HTTP endpoint that is required to work with the Identity API of the appropriate version. While it's ultimately needed by all of the identity services, it will often be populated by a provider-level function.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.passwordpassword for the Identity V2 and V3 APIs. Consult with your provider's control panel to discover your account's preferred method of authentication.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.portThe port to scrape metrics from. If using the public IP address, this must instead be specified in the relabeling rule.
Defaults to 80 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.project_idThe project_id and project_name fields are optional for the Identity V2 API. Some providers allow you to specify a project_name instead of the project_id. Some require both. Your provider's authentication policies will determine how these fields influence authentication.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.project_nameThe project_id and project_name fields are optional for the Identity V2 API. Some providers allow you to specify a project_name instead of the project_id. Some require both. Your provider's authentication policies will determine how these fields influence authentication.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.refresh_intervalRefresh interval to re-read the instance list.
Defaults to 60s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.regionThe OpenStack Region.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.roleThe OpenStack role of entities that should be discovered.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_configTLS configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.useridusername is required if using Identity V2 API. Consult with your provider's control panel to discover your account's username. In Identity V3, either userid or a combination of username and domain_id or domain_name are needed.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.openstack_sd_configs.*.usernameusername is required if using Identity V2 API. Consult with your provider's control panel to discover your account's username. In Identity V3, either userid or a combination of username and domain_id or domain_name are needed.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.paramsOptional HTTP URL parameters.
Type: null or (attribute set of list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.proxy_urlOptional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configsList of PuppetDB service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.authorizationOptional Authorization header configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.authorization.credentialsSets the credentials. It is mutually exclusive with credentials_file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.authorization.credentials_fileSets the credentials to the credentials read from the configured file.
It is mutually exclusive with credentials.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.authorization.typeSets the authentication type.
Defaults to Bearer in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_authOptional HTTP basic authentication information.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth.passwordHTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth.password_fileHTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.basic_auth.usernameHTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.follow_redirectsConfigure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.include_parametersWhether to include the parameters as meta labels. Due to the differences between parameter types and Prometheus labels, some parameters might not be rendered. The format of the parameters might also change in future releases.
Note: Enabling this exposes parameters in the Prometheus UI and API. Make sure that you don't have secrets exposed as parameters if you enable this.
Defaults to false in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.client_idOAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.client_secretOAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.client_secret_fileRead the client secret from a file. It is mutually exclusive with client_secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.endpoint_paramsOptional parameters to append to the token URL.
Type: null or (attribute set of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.scopesScopes for the token request.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.oauth2.token_urlThe URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.portThe port to scrape metrics from.
Defaults to 80 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.proxy_urlOptional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.queryPuppet Query Language (PQL) query. Only resources are supported. https://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.refresh_intervalRefresh interval to re-read the resources list.
Defaults to 60s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_configTLS configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.puppetdb_sd_configs.*.urlThe URL of the PuppetDB root query endpoint.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.relabel_configsList of relabel configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.relabel_configs.*.actionAction to perform based on regex matching.
Defaults to replace in prometheus
when set to null.
Type: null or one of "replace", "keep", "drop", "hashmod", "labelmap", "labeldrop", "labelkeep"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.relabel_configs.*.modulusModulus to take of the hash of the source label values.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.relabel_configs.*.regexRegular expression against which the extracted value is matched.
Defaults to (.*) in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.relabel_configs.*.replacementReplacement value against which a regex replace is performed if the regular expression matches.
Defaults to $1 in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.relabel_configs.*.separatorSeparator placed between concatenated source label values.
Defaults to ; in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.relabel_configs.*.source_labelsThe source labels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.relabel_configs.*.target_labelLabel to which the resulting value is written in a replace action. It is mandatory for replace actions.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.sample_limitPer-scrape limit on number of scraped samples that will be accepted. If more than this number of samples are present after metric relabelling the entire scrape will be treated as failed. 0 means no limit.
Defaults to 0 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configsList of Scaleway service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.access_keyAccess key to use. https://console.scaleway.com/project/credentials
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.api_urlAPI URL to use when doing the server listing requests.
Defaults to https://api.scaleway.com in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.follow_redirectsConfigure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.name_filterSpecify a name filter (works as a LIKE) to apply on the server listing request.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.portThe port to scrape metrics from.
Defaults to 80 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.project_idProject ID of the targets.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.proxy_urlOptional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.refresh_intervalRefresh interval to re-read the managed targets list.
Defaults to 60s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.roleRole of the targets to retrieve. Must be instance or baremetal.
Type: one of "instance", "baremetal"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.secret_keySecret key to use when listing targets. https://console.scaleway.com/project/credentials
It is mutually exclusive with secret_key_file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.secret_key_fileSets the secret key with the credentials read from the configured file.
It is mutually exclusive with secret_key.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tags_filterSpecify a tag filter (a server needs to have all defined tags to be listed) to apply on the server listing request.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_configTLS configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scaleway_sd_configs.*.zoneZone is the availability zone of your targets (e.g. fr-par-1).
Defaults to fr-par-1 in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.schemeThe URL scheme with which to fetch metrics from targets.
Defaults to http in prometheus
when set to null.
Type: null or one of "http", "https"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scrape_intervalHow frequently to scrape targets from this job. Defaults to the globally configured default.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.scrape_timeoutPer-target timeout when scraping this job. Defaults to the globally configured default.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.serverset_sd_configsList of Zookeeper Serverset service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.serverset_sd_configs.*.pathsPaths can point to a single service, or the root of a tree of services.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.serverset_sd_configs.*.serversThe Zookeeper servers.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.serverset_sd_configs.*.timeoutTimeout value.
Defaults to 10s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.static_configsList of labeled target groups for this job.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.static_configs.*.labelsLabels assigned to all metrics scraped from the targets.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.static_configs.*.targetsThe targets specified by the target group.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.target_limitPer-scrape config limit on number of unique targets that will be accepted. If more than this number of targets are present after target relabeling, Prometheus will mark the targets as failed without scraping them. 0 means no limit. This is an experimental feature, this behaviour could change in the future.
Defaults to 0 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.tls_configConfigures the scrape request's TLS settings.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.triton_sd_configsList of Triton Serverset service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.triton_sd_configs.*.accountThe account to use for discovering new targets.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.triton_sd_configs.*.dns_suffixThe DNS suffix which should be applied to target.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.triton_sd_configs.*.endpointThe Triton discovery endpoint (e.g. cmon.us-east-3b.triton.zone). This is
often the same value as dns_suffix.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.triton_sd_configs.*.groupsA list of groups for which targets are retrieved, only supported when targeting the container role.
If omitted all containers owned by the requesting account are scraped.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.triton_sd_configs.*.portThe port to use for discovery and metric scraping.
Defaults to 9163 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.triton_sd_configs.*.refresh_intervalThe interval which should be used for refreshing targets.
Defaults to 60s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.triton_sd_configs.*.roleThe type of targets to discover, can be set to:
"container" to discover virtual machines (SmartOS zones, lx/KVM/bhyve branded zones) running on Triton
"cn" to discover compute nodes (servers/global zones) making up the Triton infrastructure
Defaults to container in prometheus
when set to null.
Type: null or one of "container", "cn"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_configTLS configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.triton_sd_configs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.triton_sd_configs.*.versionThe Triton discovery API version.
Defaults to 1 in prometheus
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configsList of Uyuni Serverset service discovery configurations.
Type: null or (list of (submodule))
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.authorizationOptional Authorization header configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.authorization.credentialsSets the credentials. It is mutually exclusive with credentials_file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.authorization.credentials_fileSets the credentials to the credentials read from the configured file.
It is mutually exclusive with credentials.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.authorization.typeSets the authentication type.
Defaults to Bearer in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.basic_authOptional HTTP basic authentication information.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.basic_auth.passwordHTTP password
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.basic_auth.password_fileHTTP password file
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.basic_auth.usernameHTTP username
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.entitlementThe entitlement string to filter eligible systems.
Defaults to monitoring_entitled in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.follow_redirectsConfigure whether HTTP requests follow HTTP 3xx redirects.
Defaults to true in prometheus
when set to null.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2Optional OAuth 2.0 configuration. Cannot be used at the same time as basic_auth or authorization.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.client_idOAuth client ID.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.client_secretOAuth client secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.client_secret_fileRead the client secret from a file. It is mutually exclusive with client_secret.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.endpoint_paramsOptional parameters to append to the token URL.
Type: null or (attribute set of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.scopesScopes for the token request.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.oauth2.token_urlThe URL to fetch the token from.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.passwordCredentials are used to authenticate the requests to Uyuni API.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.proxy_urlOptional proxy URL.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.refresh_intervalRefresh interval to re-read the managed targets list.
Defaults to 60s in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.separatorThe string by which Uyuni group names are joined into the groups label
Defaults to , in prometheus
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.serverThe URL to connect to the Uyuni server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_configTLS configuration.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.ca_fileCA certificate to validate API server certificate with.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.cert_fileCertificate file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.insecure_skip_verifyDisable validation of the server certificate.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.key_fileKey file for client cert authentication to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.tls_config.server_nameServerName extension to indicate the name of the server. http://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.scrapeConfigs.*.uyuni_sd_configs.*.usernameCredentials are used to authenticate the requests to Uyuni API.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.stateDirDirectory below /var/lib to store Prometheus metrics data.
This directory will be created automatically using systemd's StateDirectory mechanism.
Type: string
Default: "prometheus2"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.webConfigFileSpecifies which file should be used as web.config.file and be passed on startup. See https://prometheus.io/docs/prometheus/latest/configuration/https/ for valid options.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.webExternalUrlThe URL under which Prometheus is externally reachable (for example, if Prometheus is served via a reverse proxy).
Type: null or string
Default: null
Example: "https://example.com/"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix>
|
services.prometheus.xmpp-alerts.enableWhether to enable XMPP Web hook service for Alertmanager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/xmpp-alerts.nix>
|
services.prometheus.xmpp-alerts.settingsConfiguration for prometheus xmpp-alerts, see https://github.com/jelmer/prometheus-xmpp-alerts/blob/master/xmpp-alerts.yml.example for supported values.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/prometheus/xmpp-alerts.nix>
|
services.promtail.enableWhether to enable the Promtail ingresser.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/promtail.nix>
|
services.promtail.configurationSpecify the configuration for Promtail in Nix.
Type: JSON value
Declared by:
<nixpkgs/nixos/modules/services/logging/promtail.nix>
|
services.promtail.extraFlagsSpecify a list of additional command line flags, which get escaped and are then passed to Loki.
Type: list of string
Default: [ ]
Example:
[ "--server.http-listen-port=3101" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/promtail.nix>
|
services.prosody.enableWhether to enable the prosody server
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.packageProsody package to use
Type: package
Default: pkgs.prosody
Example:
pkgs.prosody.override {
withExtraLibs = [ pkgs.luaPackages.lpty ];
withCommunityModules = [ "auth_external" ];
};
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.adminsList of administrators of the current host
Type: list of string
Default: [ ]
Example:
[ "admin1@example.com" "admin2@example.com" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.allowRegistrationAllow account creation
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.authenticationAuthentication mechanism used for logins.
Type: one of "internal_plain", "internal_hashed", "cyrus", "anonymous"
Default: "internal_hashed"
Example: "internal_plain"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.c2sRequireEncryptionForce clients to use encrypted connections? This option will prevent clients from authenticating unless they are using encryption.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.dataDirThe prosody home directory used to store all data. If left as the default value this directory will automatically be created before the prosody server starts, otherwise you are responsible for ensuring the directory exists with appropriate ownership and permissions.
Type: path
Default: "/var/lib/prosody"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.disco_itemsList of discoverable items you want to advertise.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.disco_items.*.descriptionA short description of the endpoint you want to advertise
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.disco_items.*.urlURL of the endpoint you want to make discoverable
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.extraConfigAdditional prosody configuration
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.extraModulesEnable custom modules
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.extraPluginPathsAdditional path in which to look find plugins/modules
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.groupGroup account under which prosody runs.
If left as the default value this group will automatically be created on system activation, otherwise you are responsible for ensuring the group exists before the prosody service starts.
Type: string
Default: "prosody"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.httpInterfacesInterfaces on which the HTTP server will listen on.
Type: list of string
Default:
[ "*" "::" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.httpPortsListening HTTP ports list for this service.
Type: list of signed integer
Default:
[ 5280 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.httpsInterfacesInterfaces on which the HTTPS server will listen on.
Type: list of string
Default:
[ "*" "::" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.httpsPortsListening HTTPS ports list for this service.
Type: list of signed integer
Default:
[ 5281 ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.admin_adhocAllows administration via an XMPP client that supports ad-hoc commands
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.admin_telnetOpens telnet console interface on localhost port 5582
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.announceSend announcement to all online users
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.blocklistAllow users to block communications with other users
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.bookmarksAllows interop between older clients that use XEP-0048: Bookmarks in its 1.0 version and recent clients which use it in PEP
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.boshEnable BOSH clients, aka 'Jabber over HTTP'
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.carbonsKeep multiple clients in sync
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.cloud_notifyPush notifications to inform users of new messages or other pertinent information even when they have no XMPP clients online
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.csiImplements the CSI protocol that allows clients to report their active/inactive state to the server
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.dialbacks2s dialback support
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.discoService discovery
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.groupsShared roster support
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.http_filesServe static files from a directory over HTTP
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.legacyauthLegacy authentication. Only used by some old clients and bots
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.limitsEnable bandwidth limiting for XMPP connections
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.mamStore messages in an archive and allow users to access it
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.motdSend a message to users when they log in
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.pepEnables users to publish their mood, activity, playing music and more
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.pingReplies to XMPP pings with pongs
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.privatePrivate XML storage (for room bookmarks, etc.)
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.proxy65Enables a file transfer proxy service which clients behind NAT can use
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.registerAllow users to register on this server using a client and change passwords
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.rosterAllow users to have a roster
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.saslauthAuthentication for clients and servers. Recommended if you want to log in.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.server_contact_infoPublish contact information for this service
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.smacksAllow a client to resume a disconnected session, and prevent message loss
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.timeLet others know the time here on this server
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.tlsAdd support for secure TLS on c2s/s2s connections
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.uptimeReport how long server has been running
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.vcardAllow users to set vCards
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.vcard_legacyConverts users profiles and Avatars between old and new formats
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.versionReplies to server version requests
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.watchregistrationsAlert admins of registrations
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.websocketEnable WebSocket support
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.modules.welcomeWelcome users who register accounts
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.mucMulti User Chat (MUC) configuration
Type: list of (submodule)
Default: [ ]
Example:
[
{
domain = "conference.my-xmpp-example-host.org";
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.muc.*.domainDomain name of the MUC
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.muc.*.extraConfigAdditional MUC specific configuration
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.muc.*.maxHistoryMessagesSpecifies a limit on what each room can be configured to keep
Type: signed integer
Default: 20
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.muc.*.nameThe name to return in service discovery responses for the MUC service itself
Type: string
Default: "Prosody Chatrooms"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.muc.*.restrictRoomCreationRestrict room creation to server admins
Type: one of true, false, "admin", "local"
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.muc.*.roomDefaultChangeSubjectIf set, the rooms will display the public JIDs by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.muc.*.roomDefaultHistoryLengthNumber of history message sent to participants by default.
Type: signed integer
Default: 20
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.muc.*.roomDefaultLanguageDefault room language.
Type: string
Default: "en"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.muc.*.roomDefaultMembersOnlyIf set, the MUC rooms will only be accessible to the members by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.muc.*.roomDefaultModeratedIf set, the MUC rooms will be moderated by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.muc.*.roomDefaultPublicIf set, the MUC rooms will be public by default.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.muc.*.roomDefaultPublicJidsIf set, the MUC rooms will display the public JIDs by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.muc.*.roomLockTimeoutTimeout after which the room is destroyed or unlocked if not configured, in seconds
Type: signed integer
Default: 300
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.muc.*.roomLockingEnables room locking, which means that a room must be configured before it can be used. Locked rooms are invisible and cannot be entered by anyone but the creator
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.muc.*.tombstoneExpiryThis settings controls how long a tombstone is considered valid. It defaults to 31 days. After this time, the room in question can be created again.
Type: signed integer
Default: 2678400
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.muc.*.tombstonesWhen a room is destroyed, it leaves behind a tombstone which prevents the room being entered or recreated. It also allows anyone who was not in the room at the time it was destroyed to learn about it, and to update their bookmarks. Tombstones prevents the case where someone could recreate a previously semi-anonymous room in order to learn the real JIDs of those who often join there.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.muc.*.vcard_mucAdds the ability to set vCard for Multi User Chat rooms
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.s2sInsecureDomainsSome servers have invalid or self-signed certificates. You can list remote domains here that will not be required to authenticate using certificates. They will be authenticated using DNS instead, even when s2s_secure_auth is enabled.
Type: list of string
Default: [ ]
Example:
[ "insecure.example.com" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.s2sRequireEncryptionForce servers to use encrypted connections? This option will prevent servers from authenticating unless they are using encryption. Note that this is different from authentication.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.s2sSecureAuthForce certificate authentication for server-to-server connections? This provides ideal security, but requires servers you communicate with to support encryption AND present valid, trusted certificates. For more information see https://prosody.im/doc/s2s#security
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.s2sSecureDomainsEven if you leave s2s_secure_auth disabled, you can still require valid certificates for some domains by specifying a list here.
Type: list of string
Default: [ ]
Example:
[ "jabber.org" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.sslPaths to SSL files
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.ssl.certPath to the certificate file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.ssl.extraOptionsExtra SSL configuration options.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.ssl.keyPath to the key file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.uploadHttpConfigures the Prosody builtin HTTP server to handle user uploads.
Type: null or (submodule)
Default: null
Example:
{
domain = "uploads.my-xmpp-example-host.org";
}Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.uploadHttp.domainDomain name for the http-upload service
Type: null or string
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.uploadHttp.httpUploadPathDirectory where the uploaded files will be stored. By default, uploaded files are put in a sub-directory of the default Prosody storage path (usually /var/lib/prosody).
Type: string
Default: "/var/lib/prosody"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.uploadHttp.uploadExpireAfterMax age of a file before it gets deleted, in seconds.
Type: string
Default: "60 * 60 * 24 * 7"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.uploadHttp.uploadFileSizeLimitMaximum file size, in bytes. Defaults to 50MB.
Type: string
Default: "50 * 1024 * 1024"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.uploadHttp.userQuotaMaximum size of all uploaded files per user, in bytes. There will be no quota if this option is set to null.
Type: null or signed integer
Default: null
Example: 1234
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.userUser account under which prosody runs.
If left as the default value this user will automatically be created on system activation, otherwise you are responsible for ensuring the user exists before the prosody service starts.
Type: string
Default: "prosody"
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.virtualHostsDefine the virtual hosts
Type: attribute set of (submodule)
Default:
{
localhost = {
domain = "localhost";
enabled = true;
};
}Example:
{
myhost = {
domain = "my-xmpp-example-host.org";
enabled = true;
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.virtualHosts.<name>.enabledWhether to enable the virtual host
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.virtualHosts.<name>.domainDomain name
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.virtualHosts.<name>.extraConfigAdditional virtual host specific configuration
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.virtualHosts.<name>.sslPaths to SSL files
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.virtualHosts.<name>.ssl.certPath to the certificate file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.virtualHosts.<name>.ssl.extraOptionsExtra SSL configuration options.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.virtualHosts.<name>.ssl.keyPath to the key file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody.xmppComplianceSuiteThe XEP-0423 defines a set of recommended XEPs to implement for a server. It's generally a good idea to implement this set of extensions if you want to provide your users with a good XMPP experience.
This NixOS module aims to provide a "advanced server" experience as per defined in the XEP-0423[1] specification.
Setting this option to true will prevent you from building a NixOS configuration which won't comply with this standard. You can explicitly decide to ignore this standard if you know what you are doing by setting this option to false.
[1] https://xmpp.org/extensions/xep-0423.html
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/prosody.nix>
|
services.prosody-filer.enableWhether to enable Prosody Filer XMPP upload file server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/prosody-filer.nix>
|
services.prosody-filer.settingsConfiguration for Prosody Filer. Refer to https://github.com/ThomasLeister/prosody-filer#configure-prosody-filer for details on supported values.
Type: TOML value
Example:
{
secret = "mysecret";
storeDir = "/srv/http/nginx/prosody-upload";
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/prosody-filer.nix>
|
services.prowlarr.enableWhether to enable Prowlarr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/prowlarr.nix>
|
services.prowlarr.openFirewallOpen ports in the firewall for the Prowlarr web interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/prowlarr.nix>
|
services.psd.enableWhether to enable the Profile Sync daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/profile-sync-daemon.nix>
|
services.psd.resyncTimerThe amount of time to wait before syncing browser profiles back to the disk.
Takes a systemd.unit time span. The time unit defaults to seconds if omitted.
Type: string
Default: "1h"
Example: "1h 30min"
Declared by:
<nixpkgs/nixos/modules/services/desktops/profile-sync-daemon.nix>
|
services.public-inbox.enableWhether to enable the public-inbox mail archiver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.packagepublic-inbox package to use.
Type: package
Default: pkgs.public-inbox
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.http.enableWhether to enable the public-inbox HTTP server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.http.argsCommand-line arguments to pass to public-inbox-httpd(1).
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.http.mountsRoot paths or URLs that public-inbox will be served on. If domain parts are present, only requests to those domains will be accepted.
Type: list of string
Default:
[ "/" ]
Example:
[ "/lists/archives" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.http.portListening port or systemd's ListenStream= entry
to be used as a reverse proxy, eg. in nginx:
locations."/inbox".proxyPass = "http://unix:${config.services.public-inbox.http.port}:/inbox";
Set to null and use systemd.sockets.public-inbox-httpd.listenStreams
if you need a more advanced listening.
Type: null or string or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Example: "/run/public-inbox-httpd.sock"
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.imap.enableWhether to enable the public-inbox IMAP server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.imap.argsCommand-line arguments to pass to public-inbox-imapd(1).
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.imap.certPath to TLS certificate to use for connections to public-inbox-imapd(1).
Type: null or string
Default: null
Example: "/path/to/fullchain.pem"
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.imap.keyPath to TLS key to use for connections to public-inbox-imapd(1).
Type: null or string
Default: null
Example: "/path/to/key.pem"
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.imap.portListening port.
Beware that public-inbox uses well-known ports number to decide whether to enable TLS or not.
Set to null and use systemd.sockets.public-inbox-imapd.listenStreams
if you need a more advanced listening.
Type: null or string or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 993
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.inboxesInboxes to configure, where attribute names are inbox names.
Type: attribute set of (attribute set of (INI atom (null, bool, int, float or string) or a list of them for duplicate keys))
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.inboxes.<name>.addressThe email addresses of the public-inbox.
Type: list of string
Example: "example-discuss@example.org"
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.inboxes.<name>.coderepoNicknames of a 'coderepo' section associated with the inbox.
Type: list of coderepo names
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.inboxes.<name>.descriptionUser-visible description for the repository.
Type: string
Example: "user/dev discussion of public-inbox itself"
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.inboxes.<name>.inboxdirThe absolute path to the directory which hosts the public-inbox.
Type: string
Default: "/var/lib/public-inbox/inboxes/‹name›"
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.inboxes.<name>.newsgroupNNTP group name for the inbox.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.inboxes.<name>.urlURL where this inbox can be accessed over HTTP.
Type: null or string
Default: null
Example: "https://example.org/lists/example-discuss"
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.inboxes.<name>.watchPaths for public-inbox-watch(1) to monitor for new mail.
Type: list of string
Default: [ ]
Example:
[ "maildir:/path/to/test.example.com.git" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.inboxes.<name>.watchheaderIf specified, public-inbox-watch(1) will only process mail containing a matching header.
Type: null or string
Default: null
Example: "List-Id:<test@example.com>"
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.mda.enableWhether to enable the public-inbox Mail Delivery Agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.mda.argsCommand-line arguments to pass to public-inbox-mda(1).
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.nntp.enableWhether to enable the public-inbox NNTP server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.nntp.argsCommand-line arguments to pass to public-inbox-nntpd(1).
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.nntp.certPath to TLS certificate to use for connections to public-inbox-nntpd(1).
Type: null or string
Default: null
Example: "/path/to/fullchain.pem"
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.nntp.keyPath to TLS key to use for connections to public-inbox-nntpd(1).
Type: null or string
Default: null
Example: "/path/to/key.pem"
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.nntp.portListening port.
Beware that public-inbox uses well-known ports number to decide whether to enable TLS or not.
Set to null and use systemd.sockets.public-inbox-nntpd.listenStreams
if you need a more advanced listening.
Type: null or string or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 563
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.openFirewallWhether to enable opening the firewall when using a port option.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.pathAdditional packages to place in the path of public-inbox-mda, public-inbox-watch, etc.
Type: list of package
Default: [ ]
Example: with pkgs; [ spamassassin ]
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.postfix.enableWhether to enable the integration into Postfix.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.settingsSettings for the public-inbox config file.
Type: attribute set of attribute set of ((INI atom (null, bool, int, float or string) or a list of them for duplicate keys) or attribute set of (INI atom (null, bool, int, float or string) or a list of them for duplicate keys))
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.settings.coderepocode repositories
Type: attribute set of (attribute set of (INI atom (null, bool, int, float or string) or a list of them for duplicate keys))
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.settings.coderepo.<name>.cgitUrlURL of a cgit instance
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.settings.coderepo.<name>.dirPath to a git repository
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.settings.publicinboxpublic inboxes
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string) or a list of them for duplicate keys)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.settings.publicinbox.cssThe local path name of a CSS file for the PSGI web interface.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.settings.publicinbox.nntpserverNNTP URLs to this public-inbox instance
Type: list of string
Default: [ ]
Example:
[ "nntp://news.public-inbox.org" "nntps://news.public-inbox.org" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.settings.publicinbox.wwwlistingControls which lists (if any) are listed for when the root public-inbox URL is accessed over HTTP.
Type: one of "all", "404", "match=domain"
Default: "404"
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.settings.publicinboxmda.spamcheckIf set to spamc, public-inbox-watch(1) will filter spam using SpamAssassin.
Type: one of "spamc", "none"
Default: "none"
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.settings.publicinboxwatch.spamcheckIf set to spamc, public-inbox-watch(1) will filter spam using SpamAssassin.
Type: one of "spamc", "none"
Default: "none"
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.settings.publicinboxwatch.watchspamIf set, mail in this maildir will be trained as spam and deleted from all watched inboxes
Type: null or string
Default: null
Example: "maildir:/path/to/spam"
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.public-inbox.spamAssassinRulesSpamAssassin configuration specific to public-inbox.
Type: null or path
Default: ${cfg.package.sa_config}/user/.spamassassin/user_prefs
Declared by:
<nixpkgs/nixos/modules/services/mail/public-inbox.nix>
|
services.pykms.enableWhether to enable the PyKMS service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
|
services.pykms.extraArgsAdditional arguments
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
|
services.pykms.listenAddressThe IP address on which to listen.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
|
services.pykms.logLevelHow much to log
Type: one of "CRITICAL", "ERROR", "WARNING", "INFO", "DEBUG", "MININFO"
Default: "INFO"
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
|
services.pykms.memoryLimitHow much memory to use at most.
Type: string
Default: "64M"
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
|
services.pykms.openFirewallPortWhether the listening port should be opened automatically.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
|
services.pykms.portThe port on which to listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1688
Declared by:
<nixpkgs/nixos/modules/services/misc/pykms.nix>
|
services.qemuGuest.enableWhether to enable the qemu guest agent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-guest-agent.nix>
|
services.qemuGuest.packageThe QEMU guest agent package.
Type: package
Default: pkgs.qemu_kvm.ga
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-guest-agent.nix>
|
services.quake3-server.enableWhether to enable Quake 3 dedicated server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/quake3-server.nix>
|
services.quake3-server.baseq3Path to the baseq3 files (pak*.pk3). If this is on the nix store (type = package) all .pk3 files should be saved in the top-level directory. If this is on another filesystem (e.g /var/lib/baseq3) the .pk3 files are searched in $baseq3/.q3a/baseq3/
Type: package or path
Default: Manually downloaded Quake 3 installation directory.
Example: "/var/lib/q3ds"
Declared by:
<nixpkgs/nixos/modules/services/games/quake3-server.nix>
|
services.quake3-server.extraConfigExtra configuration options. Note that options changed via RCON will not be persisted. To list all possible options, use "cvarlist 1" via RCON.
Type: strings concatenated with "\n"
Default: ""
Example:
'' seta rconPassword "superSecret" // sets RCON password for remote console seta sv_hostname "My Quake 3 server" // name that appears in server list ''
Declared by:
<nixpkgs/nixos/modules/services/games/quake3-server.nix>
|
services.quake3-server.openFirewallOpen the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/quake3-server.nix>
|
services.quake3-server.portUDP Port the server should listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 27960
Declared by:
<nixpkgs/nixos/modules/services/games/quake3-server.nix>
|
services.quassel.enableWhether to enable the Quassel IRC client daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quassel.packageThe package of the quassel daemon.
Type: package
Default: pkgs.quasselDaemon
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quassel.certificateFilePath to the certificate used for SSL connections with clients.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quassel.dataDirThe directory holding configuration files, the SQlite database and the SSL Cert.
Type: string
Default:
"/home/${config.services.quassel.user}/.config/quassel-irc.org"
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quassel.interfacesThe interfaces the Quassel daemon will be listening to. If [ 127.0.0.1 ],
only clients on the local host can connect to it; if [ 0.0.0.0 ], clients
can access it from any network interface.
Type: list of string
Default:
[ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quassel.portNumberThe port number the Quassel daemon will be listening to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4242
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quassel.requireSSLRequire SSL for connections from clients.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quassel.userThe existing user the Quassel daemon should run as. If left empty, a default "quassel" user will be created.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/quassel.nix>
|
services.quicktunQuickTun tunnels
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
|
services.quicktun.<name>.localAddress
Type: string
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
|
services.quicktun.<name>.localPort
Type: signed integer
Default: 2998
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
|
services.quicktun.<name>.privateKey
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
|
services.quicktun.<name>.protocol
Type: string
Default: "nacltai"
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
|
services.quicktun.<name>.publicKey
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
|
services.quicktun.<name>.remoteAddress
Type: string
Example: "tunnel.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
|
services.quicktun.<name>.remoteFloat
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
|
services.quicktun.<name>.remotePort
Type: signed integer
Default: 2998
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
|
services.quicktun.<name>.timeWindow
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
|
services.quicktun.<name>.tunMode
Type: signed integer
Default: 0
Example: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
|
services.quicktun.<name>.upScript
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/quicktun.nix>
|
services.quorum.enableWhether to enable Quorum blockchain daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.blockperiodDefault minimum difference between two consecutive block's timestamps in seconds.
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.genesisBlockchain genesis settings.
Type: null or (attribute set)
Default: null
Example:
{
alloc = {
a47385db68718bdcbddc2d2bb7c54018066ec111 = {
balance = "1000000000000000000000000000";
};
};
coinbase = "0x0000000000000000000000000000000000000000";
config = {
byzantiumBlock = 4;
chainId = 494702925;
eip150Block = 2;
eip155Block = 3;
eip158Block = 3;
homesteadBlock = 1;
isQuorum = true;
istanbul = {
epoch = 30000;
policy = 0;
};
};
difficulty = "0x1";
extraData = "0x0000000000000000000000000000000000000000000000000000000000000000f85ad59438f0508111273d8e482f49410ca4078afc86a961b8410000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0";
gasLimit = "0x2FEFD800";
mixHash = "0x63746963616c2062797a616e74696e65201111756c7420746f6c6572616e6365";
nonce = "0x0";
parentHash = "0x0000000000000000000000000000000000000000000000000000000000000000";
timestamp = "0x00";
}Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.groupThe group as which to run quorum.
Type: string
Default: config.services.quorum.user
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.nodekeyFilePath to the nodekey.
Type: path
Default: "/var/lib/quorum/nodekey"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.permissionedAllow only a defined list of nodes to connect.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.portOverride the default port on which to listen for connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 21000
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.privateconfigConfiguration of privacy transaction manager.
Type: string
Default: "ignore"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.rpc.enableEnable RPC interface.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.rpc.addressListening address for RPC connections.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.rpc.apiAPI's offered over the HTTP-RPC interface.
Type: string
Default: "admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,istanbul"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.rpc.portOverride the default port on which to listen for RPC connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 22004
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.staticNodesList of validator nodes.
Type: list of string
Default: [ ]
Example:
[ "enode://dd333ec28f0a8910c92eb4d336461eea1c20803eed9cf2c056557f986e720f8e693605bba2f4e8f289b1162e5ac7c80c914c7178130711e393ca76abc1d92f57@0.0.0.0:30303?discport=0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.syncmodeBlockchain sync mode.
Type: one of "fast", "full", "light"
Default: "full"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.userThe user as which to run quorum.
Type: string
Default: "quorum"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.ws.enableEnable WS-RPC interface.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.ws.addressListening address for WS-RPC connections.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.ws.apiAPI's offered over the WS-RPC interface.
Type: string
Default: "admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,istanbul"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.ws.originsOrigins from which to accept websockets requests
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.quorum.ws.portOverride the default port on which to listen for WS-RPC connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8546
Declared by:
<nixpkgs/nixos/modules/services/networking/quorum.nix>
|
services.r53-ddns.enableWhether to enable r53-ddyns.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/r53-ddns.nix>
|
services.r53-ddns.domainThe name of your domain in Route53
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/r53-ddns.nix>
|
services.r53-ddns.environmentFileFile containing the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in the format of an EnvironmentFile as described by systemd.exec(5)
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/r53-ddns.nix>
|
services.r53-ddns.hostnameManually specify the hostname. Otherwise the tool will try to use the name returned by the OS (Call to gethostname)
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/r53-ddns.nix>
|
services.r53-ddns.intervalHow often to update the entry
Type: string
Default: "15min"
Declared by:
<nixpkgs/nixos/modules/services/networking/r53-ddns.nix>
|
services.r53-ddns.zoneIDThe ID of your zone in Route53
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/r53-ddns.nix>
|
services.rabbitmq.enableWhether to enable the RabbitMQ server, an Advanced Message Queuing Protocol (AMQP) broker.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.packageWhich rabbitmq package to use.
Type: package
Default: pkgs.rabbitmq-server
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.configVerbatim advanced configuration file contents using the Erlang syntax.
This is also known as the advanced.config file or the old config format.
configItems is preferred whenever possible. However, nested
data structures can only be expressed properly using the config option.
The contents of this option will be merged into the configItems
by RabbitMQ at runtime to form the final configuration.
See the second table on https://www.rabbitmq.com/configure.html#config-items For the distinct formats, see https://www.rabbitmq.com/configure.html#config-file-formats
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.configItemsConfiguration options in RabbitMQ's new config file format,
which is a simple key-value format that can not express nested
data structures. This is known as the rabbitmq.conf file,
although outside NixOS that filename may have Erlang syntax, particularly
prior to RabbitMQ 3.7.0.
If you do need to express nested data structures, you can use
config option. Configuration from config
will be merged into these options by RabbitMQ at runtime to
form the final configuration.
See https://www.rabbitmq.com/configure.html#config-items For the distinct formats, see https://www.rabbitmq.com/configure.html#config-file-formats
Type: attribute set of string
Default: { }
Example:
{
"auth_backends.1.authn" = "rabbit_auth_backend_ldap";
"auth_backends.1.authz" = "rabbit_auth_backend_internal";
}
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.cookieErlang cookie is a string of arbitrary length which must be the same for several nodes to be allowed to communicate. Leave empty to generate automatically.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.dataDirData directory for rabbitmq.
Type: path
Default: "/var/lib/rabbitmq"
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.listenAddressIP address on which RabbitMQ will listen for AMQP
connections. Set to the empty string to listen on all
interfaces. Note that RabbitMQ creates a user named
guest with password
guest by default, so you should delete
this user if you intend to allow external access.
Together with 'port' setting it's mostly an alias for configItems."listeners.tcp.1" and it's left for backwards compatibility with previous version of this module.
Type: string
Default: "127.0.0.1"
Example: ""
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.managementPlugin.enableWhether to enable the management plugin.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.managementPlugin.portOn which port to run the management plugin
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 15672
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.pluginDirsThe list of directories containing external plugins
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.pluginsThe names of plugins to enable
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.rabbitmq.portPort on which RabbitMQ will listen for AMQP connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5672
Declared by:
<nixpkgs/nixos/modules/services/amqp/rabbitmq.nix>
|
services.radarr.enableWhether to enable Radarr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/radarr.nix>
|
services.radarr.packageRadarr package to use
Type: package
Default: pkgs.radarr
Example: pkgs.radarr
Declared by:
<nixpkgs/nixos/modules/services/misc/radarr.nix>
|
services.radarr.dataDirThe directory where Radarr stores its data files.
Type: string
Default: "/var/lib/radarr/.config/Radarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/radarr.nix>
|
services.radarr.groupGroup under which Radarr runs.
Type: string
Default: "radarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/radarr.nix>
|
services.radarr.openFirewallOpen ports in the firewall for the Radarr web interface.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/radarr.nix>
|
services.radarr.userUser account under which Radarr runs.
Type: string
Default: "radarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/radarr.nix>
|
services.radicale.enableWhether to enable Radicale CalDAV and CardDAV server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/radicale.nix>
|
services.radicale.packageRadicale package to use.
Type: package
Default: pkgs.radicale
Declared by:
<nixpkgs/nixos/modules/services/networking/radicale.nix>
|
services.radicale.configRadicale configuration, this will set the service
configuration file.
This option is mutually exclusive with settings.
This option is deprecated. Use settings instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/radicale.nix>
|
services.radicale.extraArgsExtra arguments passed to the Radicale daemon.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/radicale.nix>
|
services.radicale.rightsConfiguration for Radicale's rights file. See
https://radicale.org/3.0.html#documentation/authentication-and-rights.
This option only works in conjunction with settings.
Setting this will also set settings.rights.type and
settings.rights.file to appropriate values.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string) or a non-empty list of them)
Default: { }
Example:
root = {
user = ".+";
collection = "";
permissions = "R";
};
principal = {
user = ".+";
collection = "{user}";
permissions = "RW";
};
calendars = {
user = ".+";
collection = "{user}/[^/]+";
permissions = "rw";
};
Declared by:
<nixpkgs/nixos/modules/services/networking/radicale.nix>
|
services.radicale.settingsConfiguration for Radicale. See
https://radicale.org/3.0.html#documentation/configuration.
This option is mutually exclusive with config.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string) or a non-empty list of them)
Default: { }
Example:
server = {
hosts = [ "0.0.0.0:5232" "[::]:5232" ];
};
auth = {
type = "htpasswd";
htpasswd_filename = "/etc/radicale/users";
htpasswd_encryption = "bcrypt";
};
storage = {
filesystem_folder = "/var/lib/radicale/collections";
};
Declared by:
<nixpkgs/nixos/modules/services/networking/radicale.nix>
|
services.radvd.enableWhether to enable the Router Advertisement Daemon (radvd), which provides link-local advertisements of IPv6 router addresses and prefixes using the Neighbor Discovery Protocol (NDP). This enables stateless address autoconfiguration in IPv6 clients on the network.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/radvd.nix>
|
services.radvd.packageThe RADVD package to use for the RADVD service.
Type: package
Default: pkgs.radvd
Declared by:
<nixpkgs/nixos/modules/services/networking/radvd.nix>
|
services.radvd.configThe contents of the radvd configuration file.
Type: strings concatenated with "\n"
Example:
''
interface eth0 {
AdvSendAdvert on;
prefix 2001:db8:1234:5678::/64 { };
};
''Declared by:
<nixpkgs/nixos/modules/services/networking/radvd.nix>
|
services.ratbagd.enableWhether to enable ratbagd for configuring gaming mice.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/ratbagd.nix>
|
services.rdnssd.enableWhether to enable the RDNSS daemon
(rdnssd), which configures DNS servers in
/etc/resolv.conf from RDNSS
advertisements sent by IPv6 routers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/rdnssd.nix>
|
services.redis.packageWhich Redis derivation to use.
Type: package
Default: pkgs.redis
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.serversConfiguration of multiple redis-server instances.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.enableWhether to enable Redis server.
Note that the NixOS module for Redis disables kernel support for Transparent Huge Pages (THP), because this features causes major performance problems for Redis, e.g. (https://redis.io/topics/latency). .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.appendFsyncHow often to fsync the append-only log, options: no, always, everysec.
Type: string
Default: "everysec"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.appendOnlyBy default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.bindThe IP interface to bind to.
null means "all interfaces".
Type: null or string
Default: "127.0.0.1"
Example: "192.0.2.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.databasesSet the number of databases.
Type: signed integer
Default: 16
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.extraParamsExtra parameters to append to redis-server invocation
Type: list of string
Default: [ ]
Example:
[ "--sentinel" ]
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.logLevelSpecify the server verbosity level, options: debug, verbose, notice, warning.
Type: string
Default: "notice"
Example: "debug"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.logfileSpecify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.
Type: string
Default: "/dev/null"
Example: "/var/log/redis.log"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.masterAuthIf the master is password protected (using the requirePass configuration) it is possible to tell the slave to authenticate before starting the replication synchronization process, otherwise the master will refuse the slave request. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.maxclientsSet the max number of connected clients at the same time.
Type: signed integer
Default: 10000
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.openFirewallWhether to open ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.portThe TCP port to accept connections. If port 0 is specified Redis will not listen on a TCP socket.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: if name == "" then 6379 else 0
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.requirePassPassword for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE). Use requirePassFile to store it outside of the nix store in a dedicated file.
Type: null or string
Default: null
Example: "letmein!"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.requirePassFileFile with password for the database.
Type: null or path
Default: null
Example: "/run/keys/redis-password"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.saveThe schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.
If set to the empty list ([]) then RDB persistence will be disabled (useful if you are using AOF or don't want any persistence).
Type: list of list of signed integer
Default:
[
[
900
1
]
[
300
10
]
[
60
10000
]
]Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.settingsRedis configuration. Refer to https://redis.io/topics/config for details on supported values.
Type: attribute set of (boolean or signed integer or string or list of string)
Default: { }
Example:
{
loadmodule = [ "/path/to/my_module.so" "/path/to/other_module.so" ];
}
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.slaveOfIP and port to which this redis instance acts as a slave.
Type: null or (submodule)
Default: null
Example:
{
ip = "192.168.1.100";
port = 6379;
}Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.slaveOf.ipIP of the Redis master
Type: string
Example: "192.168.1.100"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.slaveOf.portport of the Redis master
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6379
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.slowLogLogSlowerThanLog queries whose execution take longer than X in milliseconds.
Type: signed integer
Default: 10000
Example: 1000
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.slowLogMaxLenMaximum number of items to keep in slow log.
Type: signed integer
Default: 128
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.syslogEnable logging to the system logger.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.unixSocketThe path to the socket to bind to.
Type: null or path
Default:
if name == "" then "/run/redis/redis.sock" else "/run/redis-${name}/redis.sock"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.unixSocketPermChange permissions for the socket
Type: signed integer
Default: 660
Example: 600
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.servers.<name>.userThe username and groupname for redis-server.
Type: string
Default:
if name == "" then "redis" else "redis-${name}"
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redis.vmOverCommitWhether to enable setting of vm.overcommit_memory to 1 (Suggested for Background Saving: http://redis.io/topics/faq) .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/redis.nix>
|
services.redmine.enableWhether to enable Redmine.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.packageWhich Redmine package to use.
Type: package
Default: pkgs.redmine
Example: pkgs.redmine.override { ruby = pkgs.ruby_2_7; }
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.components.breezybazaar integration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.components.cvscvs integration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.components.ghostscriptAllows exporting Gant diagrams as PDF.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.components.gitgit integration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.components.imagemagickAllows exporting Gant diagrams as PNG.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.components.mercurialMercurial integration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.components.minimagick_font_pathMiniMagick font path
Type: string
Default: ""
Example: "/run/current-system/sw/share/X11/fonts/LiberationSans-Regular.ttf"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.components.subversionSubversion integration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.database.createLocallyCreate the database and database user locally.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.database.hostDatabase host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.database.nameDatabase name.
Type: string
Default: "redmine"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.database.passwordFileA file containing the password corresponding to
database.user.
Type: null or path
Default: null
Example: "/run/keys/redmine-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.database.portDatabase host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.database.socketPath to the unix socket file to use for authentication.
Type: null or path
Default: /run/mysqld/mysqld.sock
Example: "/run/mysqld/mysqld.sock"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.database.typeDatabase engine to use.
Type: one of "mysql2", "postgresql"
Default: "mysql2"
Example: "postgresql"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.database.userDatabase user.
Type: string
Default: "redmine"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.extraEnvExtra configuration in additional_environment.rb.
See https://svn.redmine.org/redmine/trunk/config/additional_environment.rb.example for details.
Type: strings concatenated with "\n"
Default: ""
Example:
'' config.logger.level = Logger::DEBUG ''
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.groupGroup under which Redmine is ran.
Type: string
Default: "redmine"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.pluginsSet of plugins.
Type: attribute set of path
Default: { }
Example:
{
redmine_env_auth = builtins.fetchurl {
url = "https://github.com/Intera/redmine_env_auth/archive/0.6.zip";
sha256 = "0yyr1yjd8gvvh832wdc8m3xfnhhxzk2pk3gm2psg5w9jdvd6skak";
};
}
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.portPort on which Redmine is ran.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.settingsRedmine configuration (configuration.yml). Refer to
https://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration
for details.
Type: YAML value
Default: { }
Example:
{
email_delivery = {
delivery_method = "smtp";
smtp_settings = {
address = "mail.example.com";
port = 25;
};
};
}
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.stateDirThe state directory, logs and plugins are stored here.
Type: string
Default: "/var/lib/redmine"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.themesSet of themes.
Type: attribute set of path
Default: { }
Example:
{
dkuk-redmine_alex_skin = builtins.fetchurl {
url = "https://bitbucket.org/dkuk/redmine_alex_skin/get/1842ef675ef3.zip";
sha256 = "0hrin9lzyi50k4w2bd2b30vrf1i4fi1c0gyas5801wn8i7kpm9yl";
};
}
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redmine.userUser under which Redmine is ran.
Type: string
Default: "redmine"
Declared by:
<nixpkgs/nixos/modules/services/misc/redmine.nix>
|
services.redshift.enableEnable Redshift to change your screen's colour temperature depending on the time of day.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.packageredshift derivation to use.
Type: package
Default: pkgs.redshift
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.brightness.dayScreen brightness to apply during the day,
between 0.1 and 1.0.
Type: string
Default: "1"
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.brightness.nightScreen brightness to apply during the night,
between 0.1 and 1.0.
Type: string
Default: "1"
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.executableRedshift executable to use within the package.
Type: string
Default: "/bin/redshift"
Example: "/bin/redshift-gtk"
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.extraOptionsAdditional command-line arguments to pass to redshift.
Type: list of string
Default: [ ]
Example:
[ "-v" "-m randr" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.temperature.dayColour temperature to use during the day, between
1000 and 25000 K.
Type: signed integer
Default: 5500
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redshift.temperature.nightColour temperature to use at night, between
1000 and 25000 K.
Type: signed integer
Default: 3700
Declared by:
<nixpkgs/nixos/modules/services/x11/redshift.nix>
|
services.redsocks.enableWhether to enable redsocks.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.chrootChroot under which to run redsocks. Log file is opened before chroot, but if logging to syslog /etc/localtime may be required.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.logWhere to send logs.
Possible values are:
stderr
file:/path/to/file
syslog:FACILITY where FACILITY is any of "daemon", "local0",
etc.
Type: string
Default: "stderr"
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.log_debugLog connection progress.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.log_infoLog start and end of client sessions.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocksLocal port to proxy associations to be performed.
The example shows how to configure a proxy to handle port 80 as HTTP relay, and all other ports as HTTP connect.
Type: list of (submodule)
Example:
[
{
doNotRedirect = [
"-d 1.2.0.0/16"
];
port = 23456;
proxy = "1.2.3.4:8080";
redirectCondition = "--dport 80";
type = "http-relay";
}
{
doNotRedirect = [
"-d 1.2.0.0/16"
];
port = 23457;
proxy = "1.2.3.4:8080";
redirectCondition = true;
type = "http-connect";
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.disclose_srcWay to disclose client IP to the proxy.
"false": do not disclose
http-connect supports the following ways:
"X-Forwarded-For": add header "X-Forwarded-For: IP"
"Forwarded_ip": add header "Forwarded: for=IP" (see RFC7239)
"Forwarded_ipport": add header 'Forwarded: for="IP:port"'
Type: one of "false", "X-Forwarded-For", "Forwarded_ip", "Forwarded_ipport"
Default: "false"
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.doNotRedirectIptables filters that if matched will get the packet off of redsocks.
Type: list of string
Default: [ ]
Example:
[ "-d 1.2.3.4" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.ipIP on which redsocks should listen. Defaults to 127.0.0.1 for security reasons.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.loginLogin to send to proxy.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.passwordPassword to send to proxy. WARNING, this will end up world-readable in the store! Awaiting https://github.com/NixOS/nix/issues/8 to be able to fix.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.portPort on which redsocks should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 12345
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.proxyProxy through which redsocks should forward incoming traffic. Example: "example.org:8080"
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.redirectConditionConditions to make outbound packets go through this redsocks instance.
If set to false, no packet will be forwarded. If set to true, all packets will be forwarded (except packets excluded by redirectInternetOnly).
If set to a string, this is an iptables filter that will be matched against packets before getting them into redsocks. For example, setting it to "--dport 80" will only send packets to port 80 to redsocks. Note "-p tcp" is always implicitly added, as udp can only be proxied through redudp or the like.
Type: boolean or string
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.redirectInternetOnlyExclude all non-globally-routable IPs from redsocks
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.redsocks.redsocks.*.typeType of proxy.
Type: one of "socks4", "socks5", "http-connect", "http-relay"
Declared by:
<nixpkgs/nixos/modules/services/networking/redsocks.nix>
|
services.replay-sorcery.enableWhether to enable the ReplaySorcery service for instant-replays.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/video/replay-sorcery.nix>
|
services.replay-sorcery.enableSysAdminCapabilityWhether to enable the system admin capability to support hardware accelerated video capture. This is equivalent to running ReplaySorcery as root, so use with caution.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/video/replay-sorcery.nix>
|
services.replay-sorcery.autoStartAutomatically start ReplaySorcery when graphical-session.target starts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/video/replay-sorcery.nix>
|
services.replay-sorcery.settingsSystem-wide configuration for ReplaySorcery (/etc/replay-sorcery.conf).
Type: attribute set of (string or signed integer)
Default: { }
Example:
{
videoInput = "hwaccel"; # requires `services.replay-sorcery.enableSysAdminCapability = true`
videoFramerate = 60;
}
Declared by:
<nixpkgs/nixos/modules/services/video/replay-sorcery.nix>
|
services.resilio.enableIf enabled, start the Resilio Sync daemon. Once enabled, you can interact with the service through the Web UI, or configure it in your NixOS configuration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.enableWebUIEnable Web UI for administration. Bound to the specified
httpListenAddress and
httpListenPort.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.apiKeyAPI key, which enables the developer API.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.checkForUpdatesDetermines whether to check for updates and alert the user about them in the UI.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.deviceNameName of the Resilio Sync device.
Type: string
Default: config.networking.hostName
Example: "Voltron"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.directoryRootDefault directory to add folders in the web UI.
Type: string
Default: ""
Example: "/media"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.downloadLimitDownload speed limit. 0 is unlimited (default).
Type: signed integer
Default: 0
Example: 1024
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.encryptLANEncrypt LAN data.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.httpListenAddrHTTP address to bind to.
Type: string
Default: "[::1]"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.httpListenPortHTTP port to bind on.
Type: signed integer
Default: 9000
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.httpLoginHTTP web login username.
Type: string
Default: ""
Example: "allyourbase"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.httpPassHTTP web login password.
Type: string
Default: ""
Example: "arebelongtous"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.listeningPortListening port. Defaults to 0 which randomizes the port.
Type: signed integer
Default: 0
Example: 44444
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.sharedFoldersShared folder list. If enabled, web UI must be
disabled. Secrets can be generated using rslsync --generate-secret.
If you would like to be able to modify the contents of this
directories, it is recommended that you make your user a
member of the rslsync group.
Directories in this list should be in the
rslsync group, and that group must have
write access to the directory. It is also recommended that
chmod g+s is applied to the directory
so that any sub directories created will also belong to
the rslsync group. Also,
setfacl -d -m group:rslsync:rwx and
setfacl -m group:rslsync:rwx should also
be applied so that the sub directories are writable by
the group.
Type: list of attribute set of anything
Default: [ ]
Example:
[
{
directory = "/home/user/sync_test";
knownHosts = [
"192.168.1.2:4444"
"192.168.1.3:4444"
];
searchLAN = true;
secretFile = "/run/resilio-secret";
useDHT = false;
useRelayServer = true;
useSyncTrash = true;
useTracker = true;
}
]Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.storagePathWhere BitTorrent Sync will store it's database files (containing things like username info and licenses). Generally, you should not need to ever change this.
Type: path
Default: "/var/lib/resilio-sync/"
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.uploadLimitUpload speed limit. 0 is unlimited (default).
Type: signed integer
Default: 0
Example: 1024
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resilio.useUpnpUse Universal Plug-n-Play (UPnP)
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/resilio.nix>
|
services.resolved.enableWhether to enable the systemd DNS resolver daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
|
services.resolved.dnssecIf set to
"true":
all DNS lookups are DNSSEC-validated locally (excluding
LLMNR and Multicast DNS). Note that this mode requires a
DNS server that supports DNSSEC. If the DNS server does
not properly support DNSSEC all validations will fail.
"allow-downgrade":
DNSSEC validation is attempted, but if the server does not
support DNSSEC properly, DNSSEC mode is automatically
disabled. Note that this mode makes DNSSEC validation
vulnerable to "downgrade" attacks, where an attacker might
be able to trigger a downgrade to non-DNSSEC mode by
synthesizing a DNS response that suggests DNSSEC was not
supported.
"false": DNS lookups are not DNSSEC validated.
Type: one of "true", "allow-downgrade", "false"
Default: "allow-downgrade"
Example: "true"
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
|
services.resolved.domainsA list of domains. These domains are used as search suffixes when resolving single-label host names (domain names which contain no dot), in order to qualify them into fully-qualified domain names (FQDNs).
For compatibility reasons, if this setting is not specified,
the search domains listed in
/etc/resolv.conf are used instead, if
that file exists and any domains are configured in it.
Type: list of string
Default: config.networking.search
Example:
[ "example.com" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
|
services.resolved.extraConfigExtra config to append to resolved.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
|
services.resolved.fallbackDnsA list of IPv4 and IPv6 addresses to use as the fallback DNS servers. If this option is empty, a compiled-in list of DNS servers is used instead.
Type: list of string
Default: [ ]
Example:
[ "8.8.8.8" "2001:4860:4860::8844" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
|
services.resolved.llmnrControls Link-Local Multicast Name Resolution support (RFC 4795) on the local host.
If set to
"true": Enables full LLMNR responder and resolver support.
"false": Disables both.
"resolve": Only resolution support is enabled, but responding is disabled.
Type: one of "true", "resolve", "false"
Default: "true"
Example: "false"
Declared by:
<nixpkgs/nixos/modules/system/boot/resolved.nix>
|
services.restic.backupsPeriodic backups to create with Restic.
Type: attribute set of (submodule)
Default: { }
Example:
{
localbackup = {
initialize = true;
passwordFile = "/etc/nixos/secrets/restic-password";
paths = [
"/home"
];
repository = "/mnt/backup-hdd";
};
remotebackup = {
extraOptions = [
"sftp.command='ssh backup@host -i /etc/nixos/secrets/backup-private-key -s sftp'"
];
passwordFile = "/etc/nixos/secrets/restic-password";
paths = [
"/home"
];
repository = "sftp:backup@host:/backups/home";
timerConfig = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
};
}Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.packageRestic package to use.
Type: package
Default: pkgs.restic
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.backupCleanupCommandA script that must run after finishing the backup process.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.backupPrepareCommandA script that must run before starting the backup process.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.checkOptsA list of options for 'restic check', which is run after pruning.
Type: list of string
Default: [ ]
Example:
[ "--with-cache" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.dynamicFilesFromA script that produces a list of files to back up. The results of this command are given to the '--files-from' option.
Type: null or string
Default: null
Example: "find /home/matt/git -type d -name .git"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.environmentFilefile containing the credentials to access the repository, in the format of an EnvironmentFile as described by systemd.exec(5)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.extraBackupArgsExtra arguments passed to restic backup.
Type: list of string
Default: [ ]
Example:
[ "--exclude-file=/etc/nixos/restic-ignore" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.extraOptionsExtra extended options to be passed to the restic --option flag.
Type: list of string
Default: [ ]
Example:
[ "sftp.command='ssh backup@192.168.1.100 -i /home/user/.ssh/id_rsa -s sftp'" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.initializeCreate the repository if it doesn't exist.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.passwordFileRead the repository password from a file.
Type: string
Example: "/etc/nixos/restic-password"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.pathsWhich paths to backup. If null or an empty array, no backup command will be run. This can be used to create a prune-only job.
Type: null or (list of string)
Default: null
Example:
[ "/var/lib/postgresql" "/home/user/backup" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.pruneOptsA list of options (--keep-* et al.) for 'restic forget --prune', to automatically prune old snapshots. The 'forget' command is run after the 'backup' command, so keep that in mind when constructing the --keep-* options.
Type: list of string
Default: [ ]
Example:
[ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" "--keep-yearly 75" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.rcloneConfigConfiguration for the rclone remote being used for backup.
See the remote's specific options under rclone's docs at
https://rclone.org/docs/. When specifying
option names, use the "config" name specified in the docs.
For example, to set --b2-hard-delete for a B2
remote, use hard_delete = true in the
attribute set.
Warning: Secrets set in here will be world-readable in the Nix
store! Consider using the rcloneConfigFile
option instead to specify secret values separately. Note that
options set here will override those set in the config file.
Type: null or (attribute set of (string or boolean))
Default: null
Example:
{
account = "xxx";
hard_delete = true;
key = "xxx";
type = "b2";
}Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.rcloneConfigFilePath to the file containing rclone configuration. This file
must contain configuration for the remote specified in this backup
set and also must be readable by root. Options set in
rcloneConfig will override those set in this
file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.rcloneOptionsOptions to pass to rclone to control its behavior.
See https://rclone.org/docs/#options for
available options. When specifying option names, strip the
leading --. To set a flag such as
--drive-use-trash, which does not take a value,
set the value to the Boolean true.
Type: null or (attribute set of (string or boolean))
Default: null
Example:
{
bwlimit = "10M";
drive-use-trash = "true";
}Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.repositoryrepository to backup to.
Type: null or string
Default: null
Example: "sftp:backup@192.168.1.100:/backups/‹name›"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.repositoryFilePath to the file containing the repository location to backup to.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.s3CredentialsFilefile containing the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY for an S3-hosted repository, in the format of an EnvironmentFile as described by systemd.exec(5)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.timerConfigWhen to run the backup. See man systemd.timer for details.
Type: attribute set of (systemd option)
Default:
{
OnCalendar = "daily";
}Example:
{
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
}Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.backups.<name>.userAs which user the backup should run.
Type: string
Default: "root"
Example: "postgresql"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic.nix>
|
services.restic.server.enableWhether to enable Restic REST Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
|
services.restic.server.packageRestic REST server package to use.
Type: package
Default: pkgs.restic-rest-server
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
|
services.restic.server.appendOnlyEnable append only mode. This mode allows creation of new backups but prevents deletion and modification of existing backups. This can be useful when backing up systems that have a potential of being hacked.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
|
services.restic.server.dataDirThe directory for storing the restic repository.
Type: path
Default: "/var/lib/restic"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
|
services.restic.server.extraFlagsExtra commandline options to pass to Restic REST server.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
|
services.restic.server.listenAddressListen on a specific IP address and port.
Type: string
Default: ":8000"
Example: "127.0.0.1:8080"
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
|
services.restic.server.privateReposEnable private repos. Grants access only when a subdirectory with the same name as the user is specified in the repository URL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
|
services.restic.server.prometheusEnable Prometheus metrics at /metrics.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/restic-rest-server.nix>
|
services.restya-board.enableWhether to enable restya-board.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.dataDirData of the application.
Type: path
Default: "/var/lib/restya-board"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.database.hostHost of the database. Leave 'null' to use a local PostgreSQL database. A local PostgreSQL database is initialized automatically.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.database.nameName of the database. The database must exist.
Type: string
Default: "restya_board"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.database.passwordFileThe database user's password. 'null' if no password is set.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.database.portThe database's port.
Type: null or signed integer
Default: 5432
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.database.userThe database user. The user must exist and have access to the specified database.
Type: string
Default: "restya_board"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.email.loginSMTP authentication login used when sending outgoing mail.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.email.passwordSMTP authentication password used when sending outgoing mail.
ATTENTION: The password is stored world-readable in the nix-store!
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.email.portPort used to connect to SMTP server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 25
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.email.serverHostname to send outgoing mail. Null to use the system MTA.
Type: null or string
Default: null
Example: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.groupGroup account under which the web-application runs.
Type: string
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.timezoneTimezone the web-app runs in.
Type: strings concatenated with "\n"
Default: "GMT"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.userUser account under which the web-application runs.
Type: string
Default: "restya-board"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.virtualHost.listenHostListen address for the virtualhost to use.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.virtualHost.listenPortListen port for the virtualhost to use.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.restya-board.virtualHost.serverNameName of the nginx virtualhost to use.
Type: string
Default: "restya.board"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/restya-board.nix>
|
services.riemann.enableWhether to enable Riemann network monitoring daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
|
services.riemann.configContents of the Riemann configuration file. For more complicated config you should use configFile.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
|
services.riemann.configFileA Riemann config file. Any files in the same directory as this file will be added to the classpath by Riemann.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
|
services.riemann.configFilesExtra files containing Riemann configuration. These files will be
loaded at runtime by Riemann (with Clojure's
load-file function) at the end of the
configuration if you use the config option, this is ignored if you
use configFile.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
|
services.riemann.extraClasspathEntriesExtra entries added to the Java classpath when running Riemann.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
|
services.riemann.extraJavaOptsExtra Java options used when launching Riemann.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann.nix>
|
services.riemann-dash.enableEnable the riemann-dash dashboard daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann-dash.nix>
|
services.riemann-dash.configContents added to the end of the riemann-dash configuration file.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann-dash.nix>
|
services.riemann-dash.dataDirLocation of the riemann-base dir. The dashboard configuration file is is stored to this directory. The directory is created automatically on service start, and owner is set to the riemanndash user.
Type: string
Default: "/var/riemann-dash"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann-dash.nix>
|
services.riemann-tools.enableHealthEnable the riemann-health daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann-tools.nix>
|
services.riemann-tools.extraArgsA list of commandline-switches forwarded to a riemann-tool.
See for example riemann-health --help for available options.
Type: list of string
Default: [ ]
Example:
[ "-p 5555" "--timeout=30" "--attribute=myattribute=42" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann-tools.nix>
|
services.riemann-tools.riemannHostAddress of the host riemann node. Defaults to localhost.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/riemann-tools.nix>
|
services.rippleDataApi.enableWhether to enable ripple data api.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.couchdb.createWhether to create couchdb database needed by ripple data api.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.couchdb.dbRipple data api couchdb database.
Type: string
Default: "rippled"
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.couchdb.hostRipple data api couchdb host.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.couchdb.passRipple data api couchdb password.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.couchdb.portRipple data api couchdb port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5984
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.couchdb.userRipple data api couchdb username.
Type: string
Default: "rippled"
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.importModeRipple data api import mode.
Type: one of "live", "liveOnly"
Default: "liveOnly"
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.maxLedgerRipple data api maximal ledger to fetch.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.minLedgerRipple data api minimal ledger to fetch.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.portRipple data api port
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5993
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.redis.enableWhether to enable caching of ripple data to redis.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.redis.hostRipple data api redis host.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.redis.portRipple data api redis port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5984
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippleDataApi.rippledsList of rippleds to be used by ripple data api.
Type: list of string
Default:
[ "http://s_east.ripple.com:51234" "http://s_west.ripple.com:51234" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/ripple-data-api.nix>
|
services.rippled.enableWhether to enable rippled.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.packageWhich rippled package to use.
Type: package
Default: pkgs.rippled
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.databasePathPath to the ripple database.
Type: path
Default: "/var/lib/rippled"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.extraConfigExtra lines to be added verbatim to the rippled.cfg configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.fetchDepthThe number of past ledgers to serve to other peers that request historical ledger data (or "full" for no limit).
Type: signed integer or value "full" (singular enum)
Default: "full"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.importDbSettings for performing a one-time import.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.importDb.advisoryDeleteIf set, then require administrative RPC call "can_delete" to enable online deletion of ledger records.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.importDb.compressionWhether to enable snappy compression.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.importDb.extraOptsExtra database options.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.importDb.onlineDeleteEnable automatic purging of older ledger information.
Type: null or signed integer
Default: config.services.rippled.ledgerHistory
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.importDb.pathLocation to store the database.
Type: path
Default: config.services.rippled.databasePath
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.importDb.typeRippled database type.
Type: one of "rocksdb", "nudb"
Default: "rocksdb"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ipsList of hostnames or ips where the Ripple protocol is served. For a starter list, you can either copy entries from: https://ripple.com/ripple.txt or if you prefer you can let it default to r.ripple.com 51235
A port may optionally be specified after adding a space to the address. By convention, if known, IPs are listed in from most to least trusted.
Type: list of string
Default:
[ "r.ripple.com 51235" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ipsFixedList of IP addresses or hostnames to which rippled should always attempt to maintain peer connections with. This is useful for manually forming private networks, for example to configure a validation server that connects to the Ripple network through a public-facing server, or for building a set of cluster peers.
A port may optionally be specified after adding a space to the address
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ledgerHistoryThe number of past ledgers to acquire on server startup and the minimum to maintain while running.
Type: signed integer or value "full" (singular enum)
Default: 1296000
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.logLevelLogging verbosity.
Type: one of "debug", "error", "info"
Default: "error"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.nodeDbRippled main database options.
Type: null or (submodule)
Default:
{
extraOpts = ''
open_files=2000
filter_bits=12
cache_mb=256
file_size_pb=8
file_size_mult=2;
'';
type = "rocksdb";
}Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.nodeDb.advisoryDeleteIf set, then require administrative RPC call "can_delete" to enable online deletion of ledger records.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.nodeDb.compressionWhether to enable snappy compression.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.nodeDb.extraOptsExtra database options.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.nodeDb.onlineDeleteEnable automatic purging of older ledger information.
Type: null or signed integer
Default: config.services.rippled.ledgerHistory
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.nodeDb.pathLocation to store the database.
Type: path
Default: config.services.rippled.databasePath
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.nodeDb.typeRippled database type.
Type: one of "rocksdb", "nudb"
Default: "rocksdb"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.nodeSizeRippled size of the node you are running. "tiny", "small", "medium", "large", and "huge"
Type: one of "tiny", "small", "medium", "large", "huge"
Default: "small"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.portsPorts exposed by rippled
Type: attribute set of (submodule)
Default:
{
peer = {
ip = "0.0.0.0";
port = 51235;
protocol = [
"peer"
];
};
rpc = {
admin = [
"127.0.0.1"
];
port = 5005;
protocol = [
"http"
];
};
ws_public = {
ip = "0.0.0.0";
port = 5006;
protocol = [
"ws"
"wss"
];
};
}Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.adminA comma-separated list of admin IP addresses.
Type: list of string
Default:
[ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.ipIp where rippled listens.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.passwordWhen set, these credentials will be required on HTTP/S requests.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.portPort where rippled listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.protocolProtocols expose by rippled.
Type: list of (one of "http", "https", "ws", "wss", "peer")
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.ssl.certSpecifies the path to the SSL certificate file in PEM format. This is not needed if the chain includes it.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.ssl.chainIf you need a certificate chain, specify the path to the certificate chain here. The chain may include the end certificate.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.ssl.keySpecifies the filename holding the SSL key in PEM format.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.ports.<name>.userWhen set, these credentials will be required on HTTP/S requests.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.sntpServersIP address or domain of NTP servers to use for time synchronization.;
Type: list of string
Default:
[ "time.windows.com" "time.apple.com" "time.nist.gov" "pool.ntp.org" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.statsd.enableWhether to enable statsd monitoring for rippled.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.statsd.addressThe UDP address and port of the listening StatsD server.
Type: string
Default: "127.0.0.1:8125"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.statsd.prefixA string prepended to each collected metric.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.tempDbRippled temporary database options.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.tempDb.advisoryDeleteIf set, then require administrative RPC call "can_delete" to enable online deletion of ledger records.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.tempDb.compressionWhether to enable snappy compression.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.tempDb.extraOptsExtra database options.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.tempDb.onlineDeleteEnable automatic purging of older ledger information.
Type: null or signed integer
Default: config.services.rippled.ledgerHistory
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.tempDb.pathLocation to store the database.
Type: path
Default: config.services.rippled.databasePath
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.tempDb.typeRippled database type.
Type: one of "rocksdb", "nudb"
Default: "rocksdb"
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.validationQuorumThe minimum number of trusted validations a ledger must have before the server considers it fully validated.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rippled.validatorsList of nodes to always accept as validators. Nodes are specified by domain or public key.
Type: list of string
Default:
[ "n949f75evCHwgyP4fPVgaHqNHxUVN15PsJEZ3B3HnXPcPjcZAoy7 RL1" "n9MD5h24qrQqiyBC8aeqqCWvpiBiYQ3jxSr91uiDvmrkyHRdYLUj RL2" "n9L81uNCaPgtUJfaHh89gmdvXKAmSt5Gdsw2g1iPWaPkAHW5Nm4C RL3" "n9KiYM9CgngLvtRCQHZwgC2gjpdaZcCcbt3VboxiNFcKuwFVujzS RL4" "n9LdgEtkmGB9E2h3K4Vp7iGUaKuq23Zr32ehxiU8FWY7xoxbWTSA RL5" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/rippled.nix>
|
services.rmfakecloud.enableWhether to enable rmfakecloud remarkable self-hosted cloud.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/rmfakecloud.nix>
|
services.rmfakecloud.packagermfakecloud package to use.
The default does not include the web user interface.
Type: package
Default: pkgs.rmfakecloud
Declared by:
<nixpkgs/nixos/modules/services/misc/rmfakecloud.nix>
|
services.rmfakecloud.environmentFilePath to an environment file loaded for the rmfakecloud service.
This can be used to securely store tokens and secrets outside of the world-readable Nix store. Since this file is read by systemd, it may have permission 0400 and be owned by root.
Type: null or path
Default: null
Example: "/etc/secrets/rmfakecloud.env"
Declared by:
<nixpkgs/nixos/modules/services/misc/rmfakecloud.nix>
|
services.rmfakecloud.extraSettingsExtra settings in the form of a set of key-value pairs.
For tokens and secrets, use environmentFile instead.
Available settings are listed on https://ddvk.github.io/rmfakecloud/install/configuration/.
Type: attribute set of string
Default: { }
Example:
{
DATADIR = "/custom/path/for/rmfakecloud/data";
}Declared by:
<nixpkgs/nixos/modules/services/misc/rmfakecloud.nix>
|
services.rmfakecloud.logLevelLogging level.
Type: one of "info", "debug", "warn", "error"
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/misc/rmfakecloud.nix>
|
services.rmfakecloud.portListening port number.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/misc/rmfakecloud.nix>
|
services.rmfakecloud.storageUrlURL used by the tablet to access the rmfakecloud service.
Type: string
Example: "https://local.appspot.com"
Declared by:
<nixpkgs/nixos/modules/services/misc/rmfakecloud.nix>
|
services.robustirc-bridge.enableWhether to enable RobustIRC bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/robustirc-bridge.nix>
|
services.robustirc-bridge.extraFlagsExtra flags passed to the robustirc-bridge command. See RobustIRC Documentation or robustirc-bridge(1) for details.
Type: list of string
Default: [ ]
Example:
[ "-network robustirc.net" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/robustirc-bridge.nix>
|
services.roon-bridge.enableWhether to enable Roon Bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/roon-bridge.nix>
|
services.roon-bridge.groupGroup to run the Roon Bridge as.
Type: string
Default: "roon-bridge"
Declared by:
<nixpkgs/nixos/modules/services/audio/roon-bridge.nix>
|
services.roon-bridge.openFirewallOpen ports in the firewall for the bridge.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/roon-bridge.nix>
|
services.roon-bridge.userUser to run the Roon bridge as.
Type: string
Default: "roon-bridge"
Declared by:
<nixpkgs/nixos/modules/services/audio/roon-bridge.nix>
|
services.roon-server.enableWhether to enable Roon Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/roon-server.nix>
|
services.roon-server.groupGroup to run the Roon Server as.
Type: string
Default: "roon-server"
Declared by:
<nixpkgs/nixos/modules/services/audio/roon-server.nix>
|
services.roon-server.openFirewallOpen ports in the firewall for the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/roon-server.nix>
|
services.roon-server.userUser to run the Roon Server as.
Type: string
Default: "roon-server"
Declared by:
<nixpkgs/nixos/modules/services/audio/roon-server.nix>
|
services.roundcube.enableWhether to enable roundcube.
Also enables nginx virtual host management.
Further nginx configuration can be done by adapting services.nginx.virtualHosts.<name>.
See services.nginx.virtualHosts for further information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
|
services.roundcube.packageThe package which contains roundcube's sources. Can be overridden to create an environment which contains roundcube and third-party plugins.
Type: package
Default: pkgs.roundcube
Example:
roundcube.withPlugins (plugins: [ plugins.persistent_login ])
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
|
services.roundcube.database.dbnameName of the postgresql database
Type: string
Default: "roundcube"
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
|
services.roundcube.database.hostHost of the postgresql server. If this is not set to
localhost, you have to create the
postgresql user and database yourself, with appropriate
permissions.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
|
services.roundcube.database.passwordPassword for the postgresql connection. Do not use: the password will be stored world readable in the store; use passwordFile instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
|
services.roundcube.database.passwordFilePassword file for the postgresql connection. Must be readable by user nginx. Ignored if database.host is set to localhost, as peer authentication will be used.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
|
services.roundcube.database.usernameUsername for the postgresql connection.
If database.host is set to localhost, a unix user and group of the same name will be created as well.
Type: string
Default: "roundcube"
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
|
services.roundcube.dictsList of aspell dictionaries for spell checking. If empty, spell checking is disabled.
Type: list of package
Default: [ ]
Example: with pkgs.aspellDicts; [ en fr de ]
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
|
services.roundcube.extraConfigExtra configuration for roundcube webmail instance
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
|
services.roundcube.hostNameHostname to use for the nginx vhost
Type: string
Example: "webmail.example.com"
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
|
services.roundcube.maxAttachmentSizeThe maximum attachment size in MB.
Note: Since roundcube only uses 70% of max upload values configured in php
30% is added automatically to services.roundcube.maxAttachmentSize.
Type: signed integer
Default: 18
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
|
services.roundcube.pluginsList of roundcube plugins to enable. Currently, only those directly shipped with Roundcube are supported.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/roundcube.nix>
|
services.routedns.enableWhether to enable RouteDNS - DNS stub resolver, proxy and router.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/routedns.nix>
|
services.routedns.packageRouteDNS package to use.
Type: package
Default: pkgs.routedns
Declared by:
<nixpkgs/nixos/modules/services/networking/routedns.nix>
|
services.routedns.configFilePath to RouteDNS TOML configuration file.
Type: path
Default: "A RouteDNS configuration file automatically generated by values from services.routedns.*"
Example: "${pkgs.routedns}/cmd/routedns/example-config/use-case-1.toml"
Declared by:
<nixpkgs/nixos/modules/services/networking/routedns.nix>
|
services.routedns.settingsConfiguration for RouteDNS, see https://github.com/folbricht/routedns/blob/master/doc/configuration.md for more information.
Type: TOML value
Example:
{
resolvers.cloudflare-dot = {
address = "1.1.1.1:853";
protocol = "dot";
};
groups.cloudflare-cached = {
type = "cache";
resolvers = ["cloudflare-dot"];
};
listeners.local-udp = {
address = "127.0.0.1:53";
protocol = "udp";
resolver = "cloudflare-cached";
};
listeners.local-tcp = {
address = "127.0.0.1:53";
protocol = "tcp";
resolver = "cloudflare-cached";
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/routedns.nix>
|
services.rpcbind.enableWhether to enable rpcbind', an ONC RPC directory service notably used by NFS and NIS, and which can be queried using the rpcinfo(1) command.rpcbindis a replacement forportmap`.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/rpcbind.nix>
|
services.rsnapshot.enableWhether to enable rsnapshot backups.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
|
services.rsnapshot.enableManualRsnapshotWhether to enable manual usage of the rsnapshot command with this module.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
|
services.rsnapshot.cronIntervalsPeriodicity at which intervals should be run by cron. Note that the intervals also have to exist in configuration as retain options.
Type: attribute set of string
Default: { }
Example:
{
daily = "50 21 * * *";
hourly = "0 * * * *";
}Declared by:
<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
|
services.rsnapshot.extraConfigrsnapshot configuration option in addition to the defaults from rsnapshot and this module.
Note that tabs are required to separate option arguments, and directory names require trailing slashes.
The "extra" in the option name might be a little misleading right now, as it is required to get a functional configuration.
Type: strings concatenated with "\n"
Default: ""
Example:
'' retains hourly 24 retain daily 365 backup /home/ localhost/ ''
Declared by:
<nixpkgs/nixos/modules/services/backup/rsnapshot.nix>
|
services.rspamd.enableWhether to enable rspamd, the Rapid spam filtering system.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.debugWhether to run the rspamd daemon in debug mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.extraConfigExtra configuration to add at the end of the rspamd configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.groupGroup to use when no root privileges are required.
Type: string
Default: "rspamd"
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.localLuaRulesPath of file to link to /etc/rspamd/rspamd.local.lua for local
rules written in Lua
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.localsLocal configuration files, written into /etc/rspamd/local.d/{name}.
Type: attribute set of (submodule)
Default: { }
Example:
{ "redis.conf".source = "/nix/store/.../etc/dir/redis.conf";
"arc.conf".text = "allow_envfrom_empty = true;";
}
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.locals.<name>.enableWhether this file locals should be generated. This option allows specific locals files to be disabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.locals.<name>.sourcePath of the source file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.locals.<name>.textText of the file.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.overridesOverridden configuration files, written into /etc/rspamd/override.d/{name}.
Type: attribute set of (submodule)
Default: { }
Example:
{ "redis.conf".source = "/nix/store/.../etc/dir/redis.conf";
"arc.conf".text = "allow_envfrom_empty = true;";
}
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.overrides.<name>.enableWhether this file overrides should be generated. This option allows specific overrides files to be disabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.overrides.<name>.sourcePath of the source file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.overrides.<name>.textText of the file.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.postfix.enableAdd rspamd milter to postfix main.conf
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.postfix.configAddon to postfix configuration
Type: attribute set of (boolean or string or list of string)
Default:
{
non_smtpd_milters = [
"unix:/run/rspamd/rspamd-milter.sock"
];
smtpd_milters = [
"unix:/run/rspamd/rspamd-milter.sock"
];
}Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.userUser to use when no root privileges are required.
Type: string
Default: "rspamd"
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.workersAttribute set of workers to start.
Type: attribute set of (submodule)
Default:
{
controller = { };
normal = { };
}Example:
{
normal = {
includes = [ "$CONFDIR/worker-normal.inc" ];
bindSockets = [{
socket = "/run/rspamd/rspamd.sock";
mode = "0660";
owner = "${config.services.rspamd.user}";
group = "${config.services.rspamd.group}";
}];
};
controller = {
includes = [ "$CONFDIR/worker-controller.inc" ];
bindSockets = [ "[::1]:11334" ];
};
}
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.workers.<name>.enableWhether to run the rspamd worker.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.workers.<name>.bindSocketsList of sockets to listen, in format acceptable by rspamd
Type: list of (string or (submodule))
Default: [ ]
Example:
[
{
mode = "0666";
owner = "rspamd";
socket = "/run/rspamd.sock";
}
"*:11333"
]Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.workers.<name>.countNumber of worker instances to run
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.workers.<name>.extraConfigAdditional entries to put verbatim into worker section of rspamd config file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.workers.<name>.includesList of files to include in configuration
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.workers.<name>.nameName of the worker
Type: null or string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rspamd.workers.<name>.typeThe type of this worker. The type proxy is
deprecated and only kept for backwards compatibility and should be
replaced with rspamd_proxy.
Type: null or one of "normal", "controller", "fuzzy", "rspamd_proxy", "lua", "proxy"
Declared by:
<nixpkgs/nixos/modules/services/mail/rspamd.nix>
|
services.rss-bridge.enableWhether to enable rss-bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix>
|
services.rss-bridge.dataDirLocation in which cache directory will be created.
You can put config.ini.php in here.
Type: string
Default: "/var/lib/rss-bridge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix>
|
services.rss-bridge.groupGroup under which the web-application run.
Type: string
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix>
|
services.rss-bridge.poolName of existing phpfpm pool that is used to run web-application. If not specified a pool will be created automatically with default values.
Type: string
Default: "rss-bridge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix>
|
services.rss-bridge.userUser account under which both the service and the web-application run.
Type: string
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix>
|
services.rss-bridge.virtualHostName of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.
Type: null or string
Default: "rss-bridge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix>
|
services.rss-bridge.whitelistList of bridges to be whitelisted.
If the list is empty, rss-bridge will use whitelist.default.txt.
Use [ "*" ] to whitelist all.
Type: list of string
Default: [ ]
Example:
[ "Facebook" "Instagram" "Twitter" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/rss-bridge.nix>
|
services.rss2email.enableWhether to enable rss2email.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/rss2email.nix>
|
services.rss2email.configThe configuration to give rss2email.
Default will use system-wide sendmail to send the
email. This is rss2email's default when running
r2e new.
This set contains key-value associations that will be set in the
[DEFAULT] block along with the
to parameter.
See man r2e for more information on which
parameters are accepted.
Type: attribute set of (string or signed integer or boolean)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/rss2email.nix>
|
services.rss2email.feedsThe feeds to watch.
Type: attribute set of (submodule)
Declared by:
<nixpkgs/nixos/modules/services/mail/rss2email.nix>
|
services.rss2email.feeds.<name>.toEmail address to which to send feed items.
If null, this will not be set in the
configuration file, and rss2email will make it default to
rss2email.to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/rss2email.nix>
|
services.rss2email.feeds.<name>.urlThe URL at which to fetch the feed.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/rss2email.nix>
|
services.rss2email.intervalHow often to check the feeds, in systemd interval format
Type: string
Default: "12h"
Declared by:
<nixpkgs/nixos/modules/services/mail/rss2email.nix>
|
services.rss2email.toMail address to which to send emails
Type: string
Declared by:
<nixpkgs/nixos/modules/services/mail/rss2email.nix>
|
services.rstudio-server.enableWhether to enable RStudio server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/development/rstudio-server/default.nix>
|
services.rstudio-server.packageRstudio server package to use. Can be set to rstudioServerWrapper to provide packages.
Type: package
Default: pkgs.rstudio-server
Example: pkgs.rstudioServerWrapper.override { packages = [ pkgs.rPackages.ggplot2 ]; }
Declared by:
<nixpkgs/nixos/modules/services/development/rstudio-server/default.nix>
|
services.rstudio-server.listenAddrAddress to listen on (www-address in rserver.conf).
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/development/rstudio-server/default.nix>
|
services.rstudio-server.rserverExtraConfigExtra contents for rserver.conf.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/development/rstudio-server/default.nix>
|
services.rstudio-server.rsessionExtraConfigExtra contents for resssion.conf.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/development/rstudio-server/default.nix>
|
services.rstudio-server.serverWorkingDirDefault working directory for server (server-working-dir in rserver.conf).
Type: string
Default: "/var/lib/rstudio-server"
Declared by:
<nixpkgs/nixos/modules/services/development/rstudio-server/default.nix>
|
services.rsyncd.enableWhether to enable the rsync daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyncd.portTCP port the daemon will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 873
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyncd.settingsConfiguration for rsyncd. See rsyncd.conf(5).
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Example:
{
cvs = {
"auth users" = [
"tridge"
"susan"
];
comment = "CVS repository (requires authentication)";
path = "/data/cvs";
"secrets file" = "/etc/rsyncd.secrets";
};
ftp = {
comment = "whole ftp area";
path = "/var/ftp/./pub";
};
global = {
gid = "nobody";
"max connections" = 4;
uid = "nobody";
"use chroot" = true;
};
}Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyncd.socketActivatedIf enabled Rsync will be socket-activated rather than run persistently.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix>
|
services.rsyslogd.enableWhether to enable syslogd. Note that systemd also logs syslog messages, so you normally don't need to run syslogd.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
|
services.rsyslogd.defaultConfigThe default syslog.conf file configures a
fairly standard setup of log files, which can be extended by
means of extraConfig.
Type: strings concatenated with "\n"
Default:
'' # "local1" is used for dhcpd messages. local1.* -/var/log/dhcpd mail.* -/var/log/mail *.=warning;*.=err -/var/log/warn *.crit /var/log/warn *.*;mail.none;local1.none -/var/log/messages ''
Declared by:
<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
|
services.rsyslogd.extraConfigAdditional text appended to syslog.conf,
i.e. the contents of defaultConfig.
Type: strings concatenated with "\n"
Default: ""
Example: "news.* -/var/log/news"
Declared by:
<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
|
services.rsyslogd.extraParamsAdditional parameters passed to rsyslogd.
Type: list of string
Default: [ ]
Example:
[ "-m 0" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/rsyslogd.nix>
|
services.rtorrent.enableWhether to enable rtorrent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
|
services.rtorrent.packageThe rtorrent package to use.
Type: package
Default: pkgs.rtorrent
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
|
services.rtorrent.configTextThe content of rtorrent.rc. The modernized configuration template with the values specified in this module will be prepended using mkBefore. You can use mkForce to overwrite the config completely.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
|
services.rtorrent.dataDirThe directory where rtorrent stores its data files.
Type: string
Default: "/var/lib/rtorrent"
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
|
services.rtorrent.downloadDirWhere to put downloaded files.
Type: string
Default: "${config.services.rtorrent.dataDir}/download"
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
|
services.rtorrent.groupGroup under which rtorrent runs.
Type: string
Default: "rtorrent"
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
|
services.rtorrent.openFirewallWhether to open the firewall for the port in services.rtorrent.port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
|
services.rtorrent.portThe rtorrent port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 50000
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
|
services.rtorrent.rpcSocketRPC socket path.
Type: string (read only)
Default: "/run/rtorrent/rpc.sock"
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
|
services.rtorrent.userUser account under which rtorrent runs.
Type: string
Default: "rtorrent"
Declared by:
<nixpkgs/nixos/modules/services/torrent/rtorrent.nix>
|
services.rtsp-simple-server.enableWhether to enable RTSP Simple Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/video/rtsp-simple-server.nix>
|
services.rtsp-simple-server.envExtra environment variables for RTSP Simple Server
Type: attribute set of anything
Default: { }
Example:
{
RTSP_CONFKEY = "mykey";
}Declared by:
<nixpkgs/nixos/modules/services/video/rtsp-simple-server.nix>
|
services.rtsp-simple-server.settingsSettings for rtsp-simple-server. Read more at https://github.com/aler9/rtsp-simple-server/blob/main/rtsp-simple-server.yml
Type: YAML value
Default:
{
logDestinations = [
"stdout"
];
logFile = "/var/log/rtsp-simple-server/rtsp-simple-server.log";
logLevel = "info";
}Example:
{
paths = {
cam = {
runOnInit = "ffmpeg -f v4l2 -i /dev/video0 -f rtsp rtsp://localhost:$RTSP_PORT/$RTSP_PATH";
runOnInitRestart = true;
};
};
}Declared by:
<nixpkgs/nixos/modules/services/video/rtsp-simple-server.nix>
|
services.sabnzbd.enableWhether to enable the sabnzbd server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
|
services.sabnzbd.packageThe sabnzbd executable package run by the service.
Type: package
Default: pkgs.sabnzbd
Declared by:
<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
|
services.sabnzbd.configFilePath to config file.
Type: path
Default: "/var/lib/sabnzbd/sabnzbd.ini"
Declared by:
<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
|
services.sabnzbd.groupGroup to run the service as
Type: string
Default: "sabnzbd"
Declared by:
<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
|
services.sabnzbd.userUser to run the service as
Type: string
Default: "sabnzbd"
Declared by:
<nixpkgs/nixos/modules/services/networking/sabnzbd.nix>
|
services.safeeyes.enableWhether to enable the safeeyes OSGi service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/safeeyes.nix>
|
services.salt.master.enableWhether to enable Salt master service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/admin/salt/master.nix>
|
services.salt.master.configurationSalt master configuration as Nix attribute set.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/admin/salt/master.nix>
|
services.salt.minion.enableWhether to enable Salt minion service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/admin/salt/minion.nix>
|
services.salt.minion.configurationSalt minion configuration as Nix attribute set. See https://docs.saltstack.com/en/latest/ref/configuration/minion.html for details.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/admin/salt/minion.nix>
|
services.samba.enableWhether to enable Samba, which provides file and print services to Windows clients through the SMB/CIFS protocol.
If you use the firewall consider adding the following:
services.samba.openFirewall = true;
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.enableNmbdWhether to enable Samba's nmbd, which replies to NetBIOS over IP name service requests. It also participates in the browsing protocols which make up the Windows "Network Neighborhood" view.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.enableWinbinddWhether to enable Samba's winbindd, which provides a number of services to the Name Service Switch capability found in most modern C libraries, to arbitrary applications via PAM and ntlm_auth and to Samba itself.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.packageDefines which package should be used for the samba server.
Type: package
Default: pkgs.samba
Example: pkgs.samba4Full
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.configTextVerbatim contents of smb.conf. If null (default), use the autogenerated file from NixOS instead.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.extraConfigAdditional global section and extra section lines go in here.
Type: strings concatenated with "\n"
Default: ""
Example:
'' guest account = nobody map to guest = bad user ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.invalidUsersList of users who are denied to login via Samba.
Type: list of string
Default:
[ "root" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.nsswinsWhether to enable the WINS NSS (Name Service Switch) plug-in. Enabling it allows applications to resolve WINS/NetBIOS names (a.k.a. Windows machine names) by transparently querying the winbindd daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.openFirewallWhether to automatically open the necessary ports in the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.securityTypeSamba security type
Type: string
Default: "user"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba.sharesA set describing shared resources. See man smb.conf for options.
Type: attribute set of attribute set of unspecified value
Default: { }
Example:
{ public =
{ path = "/srv/public";
"read only" = true;
browseable = "yes";
"guest ok" = "yes";
comment = "Public samba share.";
};
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba.nix>
|
services.samba-wsdd.enableWhether to enable Web Services Dynamic Discovery host daemon. This enables (Samba) hosts, like your local NAS device, to be found by Web Service Discovery Clients like Windows.
If you use the firewall consider adding the following:
networking.firewall.allowedTCPPorts = [ 5357 ]; networking.firewall.allowedUDPPorts = [ 3702 ];
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
|
services.samba-wsdd.discoveryEnable discovery operation mode.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
|
services.samba-wsdd.domainSet domain name (disables workgroup).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
|
services.samba-wsdd.extraOptionsAdditional wsdd options.
Type: list of string
Default:
[ "--shortlog" ]
Example:
[ "--verbose" "--no-http" "--ipv4only" "--no-host" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
|
services.samba-wsdd.hoplimitHop limit for multicast packets (default = 1).
Type: null or signed integer
Default: null
Example: 2
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
|
services.samba-wsdd.hostnameOverride (NetBIOS) hostname to be used (default hostname).
Type: null or string
Default: null
Example: "FILESERVER"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
|
services.samba-wsdd.interfaceInterface or address to use.
Type: null or string
Default: null
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
|
services.samba-wsdd.listenListen on path or localhost port in discovery mode.
Type: string
Default: "/run/wsdd/wsdd.sock"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
|
services.samba-wsdd.workgroupSet workgroup name (default WORKGROUP).
Type: null or string
Default: null
Example: "HOME"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/samba-wsdd.nix>
|
services.saned.enableEnable saned network daemon for remote connection to scanners.
saned would be run from scanner user; to allow
access to hardware that doesn't have scanner group
you should add needed groups to this user.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
services.saned.extraConfigExtra saned configuration lines.
Type: strings concatenated with "\n"
Default: ""
Example: "192.168.0.0/24"
Declared by:
<nixpkgs/nixos/modules/services/hardware/sane.nix>
|
services.sanoid.enableWhether to enable Sanoid ZFS snapshotting service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.datasetsDatasets to snapshot.
Type: attribute set of (dataset/template options)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.datasets.<name>.autopruneWhether to automatically prune old snapshots.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.datasets.<name>.autosnapWhether to automatically take snapshots.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.datasets.<name>.dailyNumber of daily snapshots.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.datasets.<name>.hourlyNumber of hourly snapshots.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.datasets.<name>.monthlyNumber of monthly snapshots.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.datasets.<name>.processChildrenOnlyWhether to only snapshot child datasets if recursing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.datasets.<name>.process_children_onlyWhether to only snapshot child datasets if recursing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.datasets.<name>.recursiveWhether to recursively snapshot dataset children.
You can also set this to "zfs" to handle datasets
recursively in an atomic way without the possibility to
override settings for child datasets.
Type: boolean or value "zfs" (singular enum)
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.datasets.<name>.useTemplateNames of the templates to use for this dataset.
Type: list of configured template name
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.datasets.<name>.use_templateNames of the templates to use for this dataset.
Type: list of configured template name
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.datasets.<name>.yearlyNumber of yearly snapshots.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.extraArgsExtra arguments to pass to sanoid. See https://github.com/jimsalterjrs/sanoid/#sanoid-command-line-options for allowed options.
Type: list of string
Default: [ ]
Example:
[ "--verbose" "--readonly" "--debug" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.intervalRun sanoid at this interval. The default is to run hourly.
The format is described in systemd.time(7).
Type: string
Default: "hourly"
Example: "daily"
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.settingsFree-form settings written directly to the config file. See https://github.com/jimsalterjrs/sanoid/blob/master/sanoid.defaults.conf for allowed values.
Type: attribute set of dataset/template options
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.templatesTemplates for datasets.
Type: attribute set of (dataset/template options)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.templates.<name>.autopruneWhether to automatically prune old snapshots.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.templates.<name>.autosnapWhether to automatically take snapshots.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.templates.<name>.dailyNumber of daily snapshots.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.templates.<name>.hourlyNumber of hourly snapshots.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.templates.<name>.monthlyNumber of monthly snapshots.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.sanoid.templates.<name>.yearlyNumber of yearly snapshots.
Type: null or unsigned integer, meaning >=0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/sanoid.nix>
|
services.saslauthd.enableWhether to enable saslauthd, the Cyrus SASL authentication daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/system/saslauthd.nix>
|
services.saslauthd.packageCyrus SASL package to use.
Type: package
Default: pkgs.cyrus_sasl.bin
Declared by:
<nixpkgs/nixos/modules/services/system/saslauthd.nix>
|
services.saslauthd.configConfiguration to use for Cyrus SASL authentication daemon.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/system/saslauthd.nix>
|
services.saslauthd.mechanismAuth mechanism to use
Type: string
Default: "pam"
Declared by:
<nixpkgs/nixos/modules/services/system/saslauthd.nix>
|
services.schleuder.enableWhether to enable Schleuder secure remailer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/schleuder.nix>
|
services.schleuder.enablePostfixWhether to enable automatic postfix integration.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/schleuder.nix>
|
services.schleuder.extraSettingsFileYAML file to merge into the schleuder config at runtime. This can be used for secrets such as API keys.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/schleuder.nix>
|
services.schleuder.listDefaultsDefault settings for lists (list-defaults.yml).
Check the example configuration for possible values.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/schleuder.nix>
|
services.schleuder.listsList of list addresses that should be handled by Schleuder.
Note that this is only handled by the postfix integration, and the setup of the lists, their members and their keys has to be performed separately via schleuder's API, using a tool such as schleuder-cli.
Type: list of string
Default: [ ]
Example:
[ "widget-team@example.com" "security@example.com" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/schleuder.nix>
|
services.schleuder.settingsSettings for schleuder.yml.
Check the example configuration for possible values.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/mail/schleuder.nix>
|
services.schleuder.settings.keyserverKey server from which to fetch and update keys.
Note that NixOS uses a different default from upstream, since the upstream default sks-keyservers.net is deprecated.
Type: string
Default: "keys.openpgp.org"
Declared by:
<nixpkgs/nixos/modules/services/mail/schleuder.nix>
|
services.scollector.enableWhether to run scollector.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
|
services.scollector.packagescollector binary to use.
Type: package
Default: pkgs.scollector
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
|
services.scollector.bosunHostHost and port of the bosun server that will store the collected data.
Type: string
Default: "localhost:8070"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
|
services.scollector.collectorsAn attribute set mapping the frequency of collection to a list of binaries that should be executed at that frequency. You can use "0" to run a binary forever.
Type: attribute set of list of path
Default: { }
Example: { "0" = [ "${postgresStats}/bin/collect-stats" ]; }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
|
services.scollector.extraConfigExtra scollector configuration added to the end of scollector.toml
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
|
services.scollector.extraOptsExtra scollector command line options
Type: list of string
Default: [ ]
Example:
[ "-d" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
|
services.scollector.groupGroup account under which scollector runs.
Type: string
Default: "scollector"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
|
services.scollector.userUser account under which scollector runs.
Type: string
Default: "scollector"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/scollector.nix>
|
services.sdrplayApi.enableWhether to enable the SDRplay API service and udev rules.
To enable integration with SoapySDR and GUI applications like gqrx create an overlay containing
soapysdr-with-plugins = super.soapysdr.override { extraPackages = [ super.soapysdrplay ]; };
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sdrplay.nix>
|
services.seafile.enableWhether to enable Seafile server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
|
services.seafile.adminEmailSeafile Seahub Admin Account Email.
Type: string
Example: "john@example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
|
services.seafile.ccnetSettingsConfiguration for ccnet, see https://manual.seafile.com/config/ccnet-conf/ for supported values.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
|
services.seafile.ccnetSettings.General.SERVICE_URLSeahub public URL.
Type: string
Example: "https://www.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
|
services.seafile.initialAdminPasswordSeafile Seahub Admin Account initial password. Should be change via Seahub web front-end.
Type: string
Example: "someStrongPass"
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
|
services.seafile.seafilePackageWhich package to use for the seafile server.
Type: package
Default: pkgs.seafile-server
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
|
services.seafile.seafileSettingsConfiguration for seafile-server, see https://manual.seafile.com/config/seafile-conf/ for supported values.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
|
services.seafile.seafileSettings.fileserver.hostThe binding address used by seafile fileserver.
Type: string
Default: "127.0.0.1"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
|
services.seafile.seafileSettings.fileserver.portThe tcp port used by seafile fileserver.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8082
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
|
services.seafile.seahubExtraConfExtra config to append to seahub_settings.py file.
Refer to https://manual.seafile.com/config/seahub_settings_py/
for all available options.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
|
services.seafile.workersThe number of gunicorn worker processes for handling requests.
Type: signed integer
Default: 4
Example: 10
Declared by:
<nixpkgs/nixos/modules/services/networking/seafile.nix>
|
services.searx.enableWhether to enable Searx, the meta search engine.
Type: boolean
Default: false
Related packages:
Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
|
services.searx.packagesearx package to use.
Type: package
Default: pkgs.searx
Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
|
services.searx.environmentFileEnvironment file (see systemd.exec(5)
"EnvironmentFile=" section for the syntax) to define variables for
Searx. This option can be used to safely include secret keys into the
Searx configuration.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
|
services.searx.runInUwsgiWhether to run searx in uWSGI as a "vassal", instead of using its built-in HTTP server. This is the recommended mode for public or large instances, but is unnecessary for LAN or local-only use.
The built-in HTTP server logs all queries by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
|
services.searx.settingsSearx settings. These will be merged with (taking precedence over)
the default configuration. It's also possible to refer to
environment variables
(defined in services.searx.environmentFile)
using the syntax @VARIABLE_NAME@.
For available settings, see the Searx docs.
Type: attribute set of (JSON value)
Default: { }
Example:
{ server.port = 8080;
server.bind_address = "0.0.0.0";
server.secret_key = "@SEARX_SECRET_KEY@";
engines = lib.singleton
{ name = "wolframalpha";
shortcut = "wa";
api_key = "@WOLFRAM_API_KEY@";
engine = "wolframalpha_api";
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
|
services.searx.settingsFileThe path of the Searx server settings.yml file. If no file is
specified, a default file is used (default config file has debug mode
enabled). Note: setting this options overrides
services.searx.settings.
This file, along with any secret key it contains, will be copied into the world-readable Nix store.
Type: path
Default: "/run/searx/settings.yml"
Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
|
services.searx.uwsgiConfigAdditional configuration of the uWSGI vassal running searx. It should notably specify on which interfaces and ports the vassal should listen.
Type: Json value or lambda
Default:
{
http = ":8080";
}Example:
{
disable-logging = true;
http = ":8080"; # serve via HTTP...
socket = "/run/searx/searx.sock"; # ...or UNIX socket
chmod-socket = "660"; # allow the searx group to read/write to the socket
}
Declared by:
<nixpkgs/nixos/modules/services/networking/searx.nix>
|
services.self-deploy.enableWhether to enable self-deploy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
|
services.self-deploy.branchBranch to track
Technically speaking any ref can be specified here, as this is
passed directly to a git fetch, but for the use-case of
continuous deployment you're likely to want to specify a branch.
Type: string
Default: "master"
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
|
services.self-deploy.nixArgsArguments to nix-build passed as --argstr or --arg depending on
the type.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
|
services.self-deploy.nixAttributeAttribute of nixFile that builds the current system.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
|
services.self-deploy.nixFilePath to nix file in repository. Leading '/' refers to root of git repository.
Type: path
Default: "/default.nix"
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
|
services.self-deploy.repositoryThe repository to fetch from. Must be properly formatted for git.
If this value is set to a path (must begin with /) then it's
assumed that the repository is local and the resulting service
won't wait for the network to be up.
If the repository will be fetched over SSH, you must add an
entry to programs.ssh.knownHosts for the SSH host for the fetch
to be successful.
Type: path or string
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
|
services.self-deploy.sshKeyFilePath to SSH private key used to fetch private repositories over SSH.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
|
services.self-deploy.startAtThe schedule on which to run the self-deploy service. Format
specified by systemd.time 7.
This value can also be a list of systemd.time 7 formatted
strings, in which case the service will be started on multiple
schedules.
Type: string or list of string
Default: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
|
services.self-deploy.switchCommandThe switch-to-configuration subcommand used.
Type: one of "boot", "switch", "dry-activate", "test"
Default: "switch"
Declared by:
<nixpkgs/nixos/modules/services/system/self-deploy.nix>
|
services.selfoss.enableWhether to enable selfoss.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.database.hostHost of the database (has no effect if type is "sqlite").
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.database.nameName of the existing database (has no effect if type is "sqlite").
Type: string
Default: "tt_rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.database.passwordThe database user's password (has no effect if type is "sqlite").
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.database.portThe database's port. If not set, the default ports will be provided (5432 and 3306 for pgsql and mysql respectively) (has no effect if type is "sqlite").
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.database.typeDatabase to store feeds. Supported are sqlite, pgsql and mysql.
Type: one of "pgsql", "mysql", "sqlite"
Default: "sqlite"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.database.userThe database user. The user must exist and has access to the specified database (has no effect if type is "sqlite").
Type: string
Default: "tt_rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.extraConfigExtra configuration added to config.ini
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.poolName of existing phpfpm pool that is used to run web-application. If not specified a pool will be created automatically with default values.
Type: string
Default: "selfoss_pool"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.selfoss.userUser account under which both the service and the web-application run.
Type: string
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/selfoss.nix>
|
services.serviio.enableWhether to enable the Serviio Media Server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/serviio.nix>
|
services.serviio.dataDirThe directory where serviio stores its state, data, etc.
Type: path
Default: "/var/lib/serviio"
Declared by:
<nixpkgs/nixos/modules/services/misc/serviio.nix>
|
services.shadowsocks.enableWhether to run shadowsocks-libev shadowsocks server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shadowsocks.encryptionMethodEncryption method. See https://github.com/shadowsocks/shadowsocks-org/wiki/AEAD-Ciphers.
Type: string
Default: "chacha20-ietf-poly1305"
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shadowsocks.extraConfigAdditional configuration for shadowsocks that is not covered by the provided options. The provided attrset will be serialized to JSON and has to contain valid shadowsocks options. Unfortunately most additional options are undocumented but it's easy to find out what is available by looking into the source code of https://github.com/shadowsocks/shadowsocks-libev/blob/master/src/jconf.c
Type: attribute set
Default: { }
Example:
{
nameserver = "8.8.8.8";
}Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shadowsocks.fastOpenuse TCP fast-open
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shadowsocks.localAddressLocal addresses to which the server binds.
Type: (list of string) or string convertible to it
Default:
[ "[::0]" "0.0.0.0" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shadowsocks.modeRelay protocols.
Type: one of "tcp_only", "tcp_and_udp", "udp_only"
Default: "tcp_and_udp"
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shadowsocks.passwordPassword for connecting clients.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shadowsocks.passwordFilePassword file with a password for connecting clients.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shadowsocks.pluginSIP003 plugin for shadowsocks
Type: null or string
Default: null
Example: "${pkgs.shadowsocks-v2ray-plugin}/bin/v2ray-plugin"
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shadowsocks.pluginOptsOptions to pass to the plugin if one was specified
Type: string
Default: ""
Example: "server;host=example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shadowsocks.portPort which the server uses.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8388
Declared by:
<nixpkgs/nixos/modules/services/networking/shadowsocks.nix>
|
services.shairport-sync.enableEnable the shairport-sync daemon.
Running with a local system-wide or remote pulseaudio server is recommended.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/shairport-sync.nix>
|
services.shairport-sync.argumentsArguments to pass to the daemon. Defaults to a local pulseaudio server.
Type: string
Default: "-v -o pa"
Declared by:
<nixpkgs/nixos/modules/services/networking/shairport-sync.nix>
|
services.shairport-sync.groupGroup account name under which to run shairport-sync. The account will be created.
Type: string
Default: "shairport"
Declared by:
<nixpkgs/nixos/modules/services/networking/shairport-sync.nix>
|
services.shairport-sync.openFirewallWhether to automatically open ports in the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/shairport-sync.nix>
|
services.shairport-sync.userUser account name under which to run shairport-sync. The account will be created.
Type: string
Default: "shairport"
Declared by:
<nixpkgs/nixos/modules/services/networking/shairport-sync.nix>
|
services.shellhub-agent.enableWhether to enable ShellHub Agent daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/shellhub-agent.nix>
|
services.shellhub-agent.packageThe shellhub-agent package to use.
Type: package
Default: pkgs.shellhub-agent
Declared by:
<nixpkgs/nixos/modules/services/networking/shellhub-agent.nix>
|
services.shellhub-agent.keepAliveIntervalDetermine the interval to send the keep alive message to the server. This has a direct impact of the bandwidth used by the device.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/networking/shellhub-agent.nix>
|
services.shellhub-agent.preferredHostnameSet the device preferred hostname. This provides a hint to the server to use this as hostname if it is available.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/shellhub-agent.nix>
|
services.shellhub-agent.privateKeyLocation where to store the ShellHub Agent private key.
Type: path
Default: "/var/lib/shellhub-agent/private.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/shellhub-agent.nix>
|
services.shellhub-agent.serverServer address of ShellHub Gateway to connect.
Type: string
Default: "https://cloud.shellhub.io"
Declared by:
<nixpkgs/nixos/modules/services/networking/shellhub-agent.nix>
|
services.shellhub-agent.tenantIdThe tenant ID to use when connecting to the ShellHub Gateway.
Type: string
Example: "ba0a880c-2ada-11eb-a35e-17266ef329d6"
Declared by:
<nixpkgs/nixos/modules/services/networking/shellhub-agent.nix>
|
services.shibboleth-sp.enableWhether to enable the shibboleth service
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/shibboleth-sp.nix>
|
services.shibboleth-sp.configFilePath to shibboleth config file
Type: path
Example: "${pkgs.shibboleth-sp}/etc/shibboleth/shibboleth2.xml"
Declared by:
<nixpkgs/nixos/modules/services/security/shibboleth-sp.nix>
|
services.shibboleth-sp.fastcgi.enableWhether to include the shibauthorizer and shibresponder FastCGI processes
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/shibboleth-sp.nix>
|
services.shibboleth-sp.fastcgi.shibAuthorizerPortPort for shibauthorizer FastCGI process to bind to
Type: signed integer
Default: 9100
Declared by:
<nixpkgs/nixos/modules/services/security/shibboleth-sp.nix>
|
services.shibboleth-sp.fastcgi.shibResponderPortPort for shibauthorizer FastCGI process to bind to
Type: signed integer
Default: 9101
Declared by:
<nixpkgs/nixos/modules/services/security/shibboleth-sp.nix>
|
services.shiori.enableWhether to enable Shiori simple bookmarks manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/shiori.nix>
|
services.shiori.packageThe Shiori package to use.
Type: package
Default: pkgs.shiori
Declared by:
<nixpkgs/nixos/modules/services/web-apps/shiori.nix>
|
services.shiori.addressThe IP address on which Shiori will listen. If empty, listens on all interfaces.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/shiori.nix>
|
services.shiori.portThe port of the Shiori web application
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/shiori.nix>
|
services.shorewall.enableWhether to enable Shorewall IPv4 Firewall.
Enabling this service WILL disable the existing NixOS firewall! Default firewall rules provided by packages are not considered at the moment.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/shorewall.nix>
|
services.shorewall.packageThe shorewall package to use.
Type: package
Default: pkgs.shorewall
Declared by:
<nixpkgs/nixos/modules/services/networking/shorewall.nix>
|
services.shorewall.configsThis option defines the Shorewall configs. The attribute name defines the name of the config, and the attribute value defines the content of the config.
Type: attribute set of strings concatenated with "\n"
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/shorewall.nix>
|
services.shorewall6.enableWhether to enable Shorewall IPv6 Firewall.
Enabling this service WILL disable the existing NixOS firewall! Default firewall rules provided by packages are not considered at the moment.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/shorewall6.nix>
|
services.shorewall6.packageThe shorewall package to use.
Type: package
Default: pkgs.shorewall
Declared by:
<nixpkgs/nixos/modules/services/networking/shorewall6.nix>
|
services.shorewall6.configsThis option defines the Shorewall configs. The attribute name defines the name of the config, and the attribute value defines the content of the config.
Type: attribute set of strings concatenated with "\n"
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/shorewall6.nix>
|
services.shout.enableWhether to enable Shout web IRC client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
|
services.shout.configShout config.js contents as attribute set (will be
converted to JSON to generate the configuration file).
The options defined here will be merged to the default configuration file.
Documentation: http://shout-irc.com/docs/server/configuration.html
Type: attribute set
Default: { }
Example:
{
defaults = {
host = "localhost";
name = "Your Network";
port = 6697;
};
displayNetwork = false;
}Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
|
services.shout.configFileContents of Shout's config.js file.
Used for backward compatibility, recommended way is now to use
the config option.
Documentation: http://shout-irc.com/docs/server/configuration.html
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
|
services.shout.listenAddressIP interface to listen on for http connections.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
|
services.shout.portTCP port to listen on for http connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9000
Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
|
services.shout.privateMake your shout instance private. You will need to configure user
accounts by adding entries in /var/lib/shout/users.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/shout.nix>
|
services.sickbeard.enableWhether to enable the sickbeard server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
|
services.sickbeard.packageEnable pkgs.sickrage or pkgs.sickgear
as an alternative to SickBeard
Type: package
Default: pkgs.sickbeard
Example: pkgs.sickrage
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
|
services.sickbeard.configFilePath to config file.
Type: path
Default: "${config.services.sickbeard.dataDir}/config.ini"
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
|
services.sickbeard.dataDirPath where to store data files.
Type: path
Default: "/var/lib/sickbeard"
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
|
services.sickbeard.groupGroup to run the service as
Type: string
Default: "sickbeard"
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
|
services.sickbeard.portPort to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8081
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
|
services.sickbeard.userUser to run the service as
Type: string
Default: "sickbeard"
Declared by:
<nixpkgs/nixos/modules/services/misc/sickbeard.nix>
|
services.signald.enableWhether to enable the signald service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/signald.nix>
|
services.signald.groupGroup under which signald runs.
Type: string
Default: "signald"
Declared by:
<nixpkgs/nixos/modules/services/misc/signald.nix>
|
services.signald.socketPathPath to the signald socket
Type: string
Default: "/run/signald/signald.sock"
Declared by:
<nixpkgs/nixos/modules/services/misc/signald.nix>
|
services.signald.userUser under which signald runs.
Type: string
Default: "signald"
Declared by:
<nixpkgs/nixos/modules/services/misc/signald.nix>
|
services.siproxd.enableWhether to enable the Siproxd SIP proxy/masquerading daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.extraConfigExtra configuration to add to siproxd configuration.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.hostsAllowRegAcess control list for incoming SIP registrations.
Type: list of string
Default: [ ]
Example:
[ "192.168.1.0/24" "192.168.2.0/24" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.hostsAllowSipAcess control list for incoming SIP traffic.
Type: list of string
Default: [ ]
Example:
[ "123.45.0.0/16" "123.46.0.0/16" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.hostsDenySipAcess control list for denying incoming SIP registrations and traffic.
Type: list of string
Default: [ ]
Example:
[ "10.0.0.0/8" "11.0.0.0/8" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.ifInboundLocal network interface
Type: string
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.ifOutboundPublic network interface
Type: string
Example: "ppp0"
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.passwordFilePath to per-user password file.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.rtpDscpDSCP (differentiated services) value to be assigned to RTP packets. Allows QOS aware routers to handle different types traffic with different priorities.
Type: signed integer
Default: 46
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.rtpPortHighTop of UDP port range for incoming and outgoing RTP traffic
Type: signed integer
Default: 7089
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.rtpPortLowBottom of UDP port range for incoming and outgoing RTP traffic
Type: signed integer
Default: 7070
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.rtpTimeoutTimeout for an RTP stream. If for the specified number of seconds no data is relayed on an active stream, it is considered dead and will be killed.
Type: signed integer
Default: 300
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.sipDscpDSCP (differentiated services) value to be assigned to SIP packets. Allows QOS aware routers to handle different types traffic with different priorities.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.siproxd.sipListenPortPort to listen for incoming SIP messages.
Type: signed integer
Default: 5060
Declared by:
<nixpkgs/nixos/modules/services/misc/siproxd.nix>
|
services.sks.enableWhether to enable SKS (synchronizing key server for OpenPGP) and start the database server. You need to create "${dataDir}/dump/*.gpg" for the initial import.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
|
services.sks.packageWhich SKS derivation to use.
Type: package
Default: pkgs.sks
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
|
services.sks.dataDirData directory (-basedir) for SKS, where the database and all configuration files are located (e.g. KDB, PTree, membership and sksconf).
Type: path
Default: "/var/db/sks"
Example: "/var/lib/sks"
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
|
services.sks.extraDbConfigSet contents of the files "KDB/DB_CONFIG" and "PTree/DB_CONFIG" within the ${dataDir} directory. This is used to configure options for the database for the sks key server.
Documentation of available options are available in the file named "sampleConfig/DB_CONFIG" in the following repository: https://bitbucket.org/skskeyserver/sks-keyserver/src
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
|
services.sks.hkpAddressDomain names, IPv4 and/or IPv6 addresses to listen on for HKP requests.
Type: list of string
Default:
[ "127.0.0.1" "::1" ]
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
|
services.sks.hkpPortHKP port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 11371
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
|
services.sks.webrootSource directory (will be symlinked, if not null) for the files the built-in webserver should serve. SKS (${pkgs.sks.webSamples}) provides the following examples: "HTML5", "OpenPKG", and "XHTML+ES". The index file can be named index.html, index.htm, index.xhtm, or index.xhtml. Files with the extensions .css, .es, .js, .jpg, .jpeg, .png, or .gif are supported. Subdirectories and filenames with anything other than alphanumeric characters and the '.' character will be ignored.
Type: null or path
Default: "${package.webSamples}/OpenPKG"
Declared by:
<nixpkgs/nixos/modules/services/security/sks.nix>
|
services.skydns.enableWhether to enable skydns service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.packageSkydns package to use.
Type: package
Default: pkgs.skydns
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.addressSkydns address to bind to.
Type: string
Default: "0.0.0.0:53"
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.domainSkydns default domain if not specified by etcd config.
Type: string
Default: "skydns.local."
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.etcd.caCertSkydns path of TLS certificate authority public key.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.etcd.machinesSkydns list of etcd endpoints to connect to.
Type: list of string
Default:
[ "http://127.0.0.1:2379" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.etcd.tlsKeySkydns path of TLS client certificate - private key.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.etcd.tlsPemSkydns path of TLS client certificate - public key.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.extraConfigSkydns attribute set of extra config options passed as environment variables.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.skydns.nameserversSkydns list of nameservers to forward DNS requests to when not authoritative for a domain.
Type: list of string
Default: map (n: n + ":53") config.networking.nameservers
Example:
[ "8.8.8.8:53" "8.8.4.4:53" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/skydns.nix>
|
services.slimserver.enableWhether to enable slimserver.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/slimserver.nix>
|
services.slimserver.packageSlimserver package to use.
Type: package
Default: pkgs.slimserver
Declared by:
<nixpkgs/nixos/modules/services/audio/slimserver.nix>
|
services.slimserver.dataDirThe directory where slimserver stores its state, tag cache, playlists etc.
Type: path
Default: "/var/lib/slimserver"
Declared by:
<nixpkgs/nixos/modules/services/audio/slimserver.nix>
|
services.slurm.enableSrunX11If enabled srun will accept the option "--x11" to allow for X11 forwarding
from within an interactive session or a batch job. This activates the
slurm-spank-x11 module. Note that this option also enables
services.openssh.forwardX11 on the client.
This option requires slurm to be compiled without native X11 support. The default behavior is to re-compile the slurm package with native X11 support disabled if this option is set to true.
To use the native X11 support add PrologFlags=X11 in extraConfig.
Note that this method will only work RSA SSH host keys.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.enableStoolsWhether to provide a slurm.conf file.
Enable this option if you do not run a slurm daemon on this host
(i.e. server.enable and client.enable are false)
but you still want to run slurm commands from this host.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.packageThe package to use for slurm binaries.
Type: package
Default: pkgs.slurm
Example: pkgs.slurm-full
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.client.enableWhether to enable slurm client daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.clusterNameNecessary to distinguish accounting records in a multi-cluster environment.
Type: string
Default: "default"
Example: "myCluster"
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.controlAddrName that ControlMachine should be referred to in establishing a communications path.
Type: null or string
Default: config.services.slurm.controlMachine
Example: null
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.controlMachineThe short hostname of the machine where SLURM control functions are executed (i.e. the name returned by the command "hostname -s", use "tux001" rather than "tux001.my.com").
Type: null or string
Default: null
Example: null
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.dbdserver.enableWhether to enable SlurmDBD service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.dbdserver.dbdHostHostname of the machine where slurmdbd
is running (i.e. name returned by hostname -s).
Type: string
Default: config.networking.hostName
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.dbdserver.extraConfigExtra configuration for slurmdbd.conf See also:
slurmdbd.conf(8).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.dbdserver.storagePassFilePath to file with database password. The content of this will be used to
create the password for the StoragePass option.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.dbdserver.storageUserDatabase user name.
Type: string
Default: config.services.slurm.user
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.extraCgroupConfigExtra configuration for cgroup.conf. This file is
used when procTrackType=proctrack/cgroup.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.extraConfigExtra configuration options that will be added verbatim at the end of the slurm configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.extraConfigPathsSlurm expects config files for plugins in the same path
as slurm.conf. Add extra nix store
paths that should be merged into same directory as
slurm.conf.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.extraPlugstackConfigExtra configuration that will be added to the end of plugstack.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.nodeNameName that SLURM uses to refer to a node (or base partition for BlueGene systems). Typically this would be the string that "/bin/hostname -s" returns. Note that now you have to write node's parameters after the name.
Type: list of string
Default: [ ]
Example: [ "linux[1-32] CPUs=1 State=UNKNOWN" ];
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.partitionNameName by which the partition may be referenced. Note that now you have to write the partition's parameters after the name.
Type: list of string
Default: [ ]
Example: [ "debug Nodes=linux[1-32] Default=YES MaxTime=INFINITE State=UP" ];
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.procTrackTypePlugin to be used for process tracking on a job step basis. The slurmd daemon uses this mechanism to identify all processes which are children of processes it spawns for a user job step.
Type: string
Default: "proctrack/linuxproc"
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.server.enableWhether to enable the slurm control daemon.
Note that the standard authentication method is "munge".
The "munge" service needs to be provided with a password file in order for
slurm to work properly (see services.munge.password).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.stateSaveLocationDirectory into which the Slurm controller, slurmctld, saves its state.
Type: string
Default: "/var/spool/slurmctld"
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.slurm.userSet this option when you want to run the slurmctld daemon as something else than the default slurm user "slurm". Note that the UID of this user needs to be the same on all nodes.
Type: string
Default: "slurm"
Declared by:
<nixpkgs/nixos/modules/services/computing/slurm/slurm.nix>
|
services.smartd.enableWhether to enable smartd daemon from smartmontools package.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.autodetectWhenever smartd should monitor all devices connected to the machine at the time it's being started (the default).
Set to false to monitor the devices listed in
services.smartd.devices only.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.defaults.autodetectedLike services.smartd.defaults.monitored, but for the
autodetected devices.
Type: strings concatenated with " "
Default: config.services.smartd.defaults.monitored
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.defaults.monitoredCommon default options for explicitly monitored (listed in
services.smartd.devices) devices.
The default value turns on monitoring of all the things (see
man 5 smartd.conf).
The example also turns on SMART Automatic Offline Testing on startup, and schedules short self-tests daily, and long self-tests weekly.
Type: strings concatenated with " "
Default: "-a"
Example: "-a -o on -s (S/../.././02|L/../../7/04)"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.devicesList of devices to monitor.
Type: list of (submodule)
Default: [ ]
Example:
[
{
device = "/dev/sda";
}
{
device = "/dev/sdb";
options = "-d sat";
}
]Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.devices.*.deviceLocation of the device.
Type: string
Example: "/dev/sda"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.devices.*.optionsOptions that determine how smartd monitors the device.
Type: strings concatenated with " "
Default: ""
Example: "-d sat"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.extraOptionsExtra command-line options passed to the smartd
daemon on startup.
(See man 8 smartd.)
Type: list of string
Default: [ ]
Example:
[ "-A /var/log/smartd/" "--interval=3600" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.notifications.mail.enableWhenever to send e-mail notifications.
Type: boolean
Default: config.services.mail.sendmailSetuidWrapper != null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.notifications.mail.mailerSendmail-compatible binary to be used to send the messages.
You should probably enable
services.postfix or some other MTA for
this to work.
Type: path
Default: "/run/wrappers/bin/sendmail"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.notifications.mail.recipientRecipient of the notification messages.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.notifications.mail.senderSender of the notification messages.
Acts as the value of email in the emails' From: ... field.
Type: string
Default: "root"
Example: "example@domain.tld"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.notifications.testWhenever to send a test notification on startup.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.notifications.wall.enableWhenever to send wall notifications to all users.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.notifications.x11.enableWhenever to send X11 xmessage notifications.
Type: boolean
Default: config.services.xserver.enable
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartd.notifications.x11.displayDISPLAY to send X11 notifications to.
Type: string
Default: ":${toString config.services.xserver.display}"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/smartd.nix>
|
services.smartdns.enableWhether to enable SmartDNS DNS server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/smartdns.nix>
|
services.smartdns.bindPortDNS listening port number.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 53
Declared by:
<nixpkgs/nixos/modules/services/networking/smartdns.nix>
|
services.smartdns.settingsA set that will be generated into configuration file, see the SmartDNS README for details of configuration parameters.
You could override the options here like services.smartdns.bindPort by writing settings.bind = ":5353 -no-rule -group example";.
Type: attribute set of ((list of (string or signed integer or boolean)) or (string or signed integer or boolean) convertible to it)
Example:
{
bind = ":5353 -no-rule -group example";
cache-size = 4096;
server-tls = [ "8.8.8.8:853" "1.1.1.1:853" ];
server-https = "https://cloudflare-dns.com/dns-query -exclude-default-group";
prefetch-domain = true;
speed-check-mode = "ping,tcp:80";
};
Declared by:
<nixpkgs/nixos/modules/services/networking/smartdns.nix>
|
services.smokeping.enableWhether to enable smokeping service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.packageSpecify a custom smokeping package
Type: package
Default: pkgs.smokeping
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.alertConfigConfiguration for alerts.
Type: strings concatenated with "\n"
Default:
'' to = root@localhost from = smokeping@localhost ''
Example:
'' to = alertee@address.somewhere from = smokealert@company.xy +someloss type = loss # in percent pattern = >0%,*12*,>0%,*12*,>0% comment = loss 3 times in a row; ''
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.cgiUrlURL to the smokeping cgi.
Type: string
Default: "http://${hostName}:${toString port}/smokeping.cgi"
Example: "https://somewhere.example.com/smokeping.cgi"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.configFull smokeping config supplied by the user. Overrides and replaces any other configuration supplied.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.databaseConfigConfigure the ping frequency and retention of the rrd files. Once set, changing the interval will require deletion or migration of all the collected data.
Type: strings concatenated with "\n"
Default:
''
step = 300
pings = 20
# consfn mrhb steps total
AVERAGE 0.5 1 1008
AVERAGE 0.5 12 4320
MIN 0.5 12 4320
MAX 0.5 12 4320
AVERAGE 0.5 144 720
MAX 0.5 144 720
MIN 0.5 144 720
''Example:
''
# near constant pings.
step = 30
pings = 20
# consfn mrhb steps total
AVERAGE 0.5 1 10080
AVERAGE 0.5 12 43200
MIN 0.5 12 43200
MAX 0.5 12 43200
AVERAGE 0.5 144 7200
MAX 0.5 144 7200
MIN 0.5 144 7200
''Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.extraConfigAny additional customization not already included.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.hostHost/IP to bind to for the web server.
Setting it to null skips passing the -h option to thttpd,
which makes it bind to all interfaces.
Type: null or string
Default: "localhost"
Example: "192.0.2.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.hostNameDNS name for the urls generated in the cgi.
Type: string
Default: config.networking.fqdn
Example: "somewhere.example.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.imgUrlBase url for images generated in the cgi.
The default is a relative URL to ensure it works also when e.g. forwarding the GUI port via SSH.
Type: string
Default: "cache"
Example: "https://somewhere.example.com/cache"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.linkStyleDNS name for the urls generated in the cgi.
Type: one of "original", "absolute", "relative"
Default: "relative"
Example: "absolute"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.mailHostUse this SMTP server to send alerts
Type: string
Default: ""
Example: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.ownerReal name of the owner of the instance
Type: string
Default: "nobody"
Example: "Bob Foobawr"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.ownerEmailEmail contact for owner
Type: string
Default: "no-reply@${hostName}"
Example: "no-reply@yourdomain.com"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.portTCP port to use for the web server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8081
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.presentationConfigpresentation graph style
Type: strings concatenated with "\n"
Default:
'' + charts menu = Charts title = The most interesting destinations ++ stddev sorter = StdDev(entries=>4) title = Top Standard Deviation menu = Std Deviation format = Standard Deviation %f ++ max sorter = Max(entries=>5) title = Top Max Roundtrip Time menu = by Max format = Max Roundtrip Time %f seconds ++ loss sorter = Loss(entries=>5) title = Top Packet Loss menu = Loss format = Packets Lost %f ++ median sorter = Median(entries=>5) title = Top Median Roundtrip Time menu = by Median format = Median RTT %f seconds + overview width = 600 height = 50 range = 10h + detail width = 600 height = 200 unison_tolerance = 2 "Last 3 Hours" 3h "Last 30 Hours" 30h "Last 10 Days" 10d "Last 360 Days" 360d ''
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.presentationTemplateDefault page layout for the web UI.
Type: string
Default: "${pkgs.smokeping}/etc/basepage.html.dist"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.probeConfigProbe configuration
Type: strings concatenated with "\n"
Default:
''
+ FPing
binary = ${config.security.wrapperDir}/fping
''
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.sendmailUse this sendmail compatible script to deliver alerts
Type: null or path
Default: null
Example: "/run/wrappers/bin/sendmail"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.smokeMailTemplateSpecify the smokemail template for alerts.
Type: string
Default: "${package}/etc/smokemail.dist"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.targetConfigTarget configuration
Type: strings concatenated with "\n"
Default:
''
probe = FPing
menu = Top
title = Network Latency Grapher
remark = Welcome to the SmokePing website of xxx Company. \
Here you will learn all about the latency of our network.
+ Local
menu = Local
title = Local Network
++ LocalMachine
menu = Local Machine
title = This host
host = localhost
''Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.userUser that runs smokeping and (optionally) thttpd. A group of the same name will be created as well.
Type: string
Default: "smokeping"
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.smokeping.webServiceEnable a smokeping web interface
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/smokeping.nix>
|
services.snapper.cleanupIntervalCleanup interval.
The format is described in systemd.time(7).
Type: string
Default: "1d"
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
|
services.snapper.configsSubvolume configuration
Type: attribute set of (submodule)
Default: { }
Example:
{
home = {
subvolume = "/home";
extraConfig = ''
ALLOW_USERS="alice"
TIMELINE_CREATE=yes
TIMELINE_CLEANUP=yes
'';
};
}
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
|
services.snapper.configs.<name>.extraConfigAdditional configuration next to SUBVOLUME and FSTYPE. See man:snapper-configs(5).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
|
services.snapper.configs.<name>.fstypeFilesystem type. Only btrfs is stable and tested.
Type: value "btrfs" (singular enum)
Default: "btrfs"
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
|
services.snapper.configs.<name>.subvolumePath of the subvolume or mount point. This path is a subvolume and has to contain a subvolume named .snapshots. See also man:snapper(8) section PERMISSIONS.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
|
services.snapper.filtersGlobal display difference filter. See man:snapper(8) for more details.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
|
services.snapper.snapshotIntervalSnapshot interval.
The format is described in systemd.time(7).
Type: string
Default: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
|
services.snapper.snapshotRootOnBootWhether to snapshot root on boot
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/snapper.nix>
|
services.snapserver.enableWhether to enable snapserver.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.bufferNetwork buffer in ms.
Type: null or signed integer
Default: null
Example: 1000
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.codecDefault audio compression method.
Type: null or string
Default: null
Example: "flac"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.http.enableWhether to enable the JSON-RPC via HTTP.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.http.docRootPath to serve from the HTTP servers root.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.http.listenAddressThe address where the HTTP JSON-RPC listens on.
Type: string
Default: "::"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.http.portThe port where the HTTP JSON-RPC listens on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1780
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.listenAddressThe address where snapclients can connect.
Type: string
Default: "::"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.openFirewallWhether to automatically open the specified ports in the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.portThe port that snapclients can connect to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1704
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.sampleFormatDefault sample format.
Type: null or string
Default: null
Example: "48000:16:2"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.sendToMutedSend audio to muted clients.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.streamBufferStream read (input) buffer in ms.
Type: null or signed integer
Default: null
Example: 20
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.streamsThe definition for an input source.
Type: attribute set of (submodule)
Default:
{
default = { };
}Example:
{
mpd = {
type = "pipe";
location = "/run/snapserver/mpd";
sampleFormat = "48000:16:2";
codec = "pcm";
};
};
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.streams.<name>.codecDefault audio compression method.
Type: null or string
Default: null
Example: "flac"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.streams.<name>.locationFor type pipe or file, the path to the pipe or file.
For type librespot, airplay or process, the path to the corresponding binary.
For type tcp, the host:port address to connect to or listen on.
For type meta, a list of stream names in the form /one/two/.... Don't forget the leading slash.
For type alsa, use an empty string.
Type: path or string
Example:
"/path/to/pipe" "/path/to/librespot" "192.168.1.2:4444" "/MyTCP/Spotify/MyPipe"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.streams.<name>.queryKey-value pairs that convey additional parameters about a stream.
Type: attribute set of string
Default: { }
Example:
# for type == "pipe":
{
mode = "create";
};
# for type == "process":
{
params = "--param1 --param2";
logStderr = "true";
};
# for type == "tcp":
{
mode = "client";
}
# for type == "alsa":
{
device = "hw:0,0";
}
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.streams.<name>.sampleFormatDefault sample format.
Type: null or string
Default: null
Example: "48000:16:2"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.streams.<name>.typeThe type of input stream.
Type: one of "pipe", "librespot", "airplay", "file", "process", "tcp", "alsa", "spotify", "meta"
Default: "pipe"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.tcp.enableWhether to enable the JSON-RPC via TCP.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.tcp.listenAddressThe address where the TCP JSON-RPC listens on.
Type: string
Default: "::"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snapserver.tcp.portThe port where the TCP JSON-RPC listens on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1705
Declared by:
<nixpkgs/nixos/modules/services/audio/snapserver.nix>
|
services.snipe-it.enableWhether to enable A free open source IT asset/license management system.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.appKeyFileA file containing the Laravel APP_KEY - a 32 character long,
base64 encoded key used for encryption where needed. Can be
generated with head -c 32 /dev/urandom | base64.
Type: path
Example: "/run/keys/snipe-it/appkey"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.appURLThe root URL that you want to host Snipe-IT on. All URLs in Snipe-IT will be generated using this value.
If you change this in the future you may need to run a command to update stored URLs in the database.
Command example: snipe-it snipe-it:update-url https://old.example.com https://new.example.com
Type: string
Default:
''
http''${lib.optionalString tlsEnabled "s"}://''${cfg.hostName}
''Example: "https://example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.configSnipe-IT configuration options to set in the
.env file.
Refer to https://snipe-it.readme.io/docs/configuration
for details on supported values.
Settings containing secret data should be set to an attribute
set containing the attribute _secret - a
string pointing to a file containing the value the option
should be set to. See the example to get a better picture of
this: in the resulting .env file, the
OIDC_CLIENT_SECRET key will be set to the
contents of the /run/keys/oidc_secret
file.
Type: attribute set of (null or boolean or signed integer or 16 bit unsigned integer; between 0 and 65535 (both inclusive) or path or string or (submodule))
Default: { }
Example:
{
ALLOWED_IFRAME_HOSTS = "https://example.com";
WKHTMLTOPDF = "${pkgs.wkhtmltopdf}/bin/wkhtmltopdf";
AUTH_METHOD = "oidc";
OIDC_NAME = "MyLogin";
OIDC_DISPLAY_NAME_CLAIMS = "name";
OIDC_CLIENT_ID = "snipe-it";
OIDC_CLIENT_SECRET = {_secret = "/run/keys/oidc_secret"};
OIDC_ISSUER = "https://keycloak.example.com/auth/realms/My%20Realm";
OIDC_ISSUER_DISCOVER = true;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.dataDirsnipe-it data directory
Type: path
Default: "/var/lib/snipe-it"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.database.createLocallyCreate the database and database user locally.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.database.hostDatabase host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.database.nameDatabase name.
Type: string
Default: "snipeit"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.database.passwordFileA file containing the password corresponding to
database.user.
Type: null or path
Default: null
Example: "/run/keys/snipe-it/dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.database.portDatabase host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.database.userDatabase username.
Type: string
Default: user
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.groupGroup snipe-it runs as.
Type: string
Default: "snipeit"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.hostNameThe hostname to serve Snipe-IT on.
Type: string
Default: config.networking.fqdnOrHostName
Example: "snipe-it.example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.mail.backupNotificationAddressEmail Address to send Backup Notifications to.
Type: string
Default: "backup@example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.mail.driverMail driver to use.
Type: one of "smtp", "sendmail"
Default: "smtp"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.mail.encryptionSMTP encryption mechanism to use.
Type: null or one of "tls", "ssl"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.mail.from.addressMail "from" address.
Type: string
Default: "mail@example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.mail.from.nameMail "from" name.
Type: string
Default: "Snipe-IT Asset Management"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.mail.hostMail host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.mail.passwordFileA file containing the password corresponding to
mail.user.
Type: null or path
Default: null
Example: "/run/keys/snipe-it/mailpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.mail.portMail host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1025
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.mail.replyTo.addressMail "reply-to" address.
Type: string
Default: "mail@example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.mail.replyTo.nameMail "reply-to" name.
Type: string
Default: "Snipe-IT Asset Management"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.mail.userMail username.
Type: null or string
Default: null
Example: "snipeit"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.maxUploadSizeThe maximum size for uploads (e.g. images).
Type: string
Default: "18M"
Example: "1G"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginxWith this option, you can customize the nginx virtualHost settings.
Type: submodule
Default: { }
Example:
{
serverAliases = [
"snipe-it.${config.networking.domain}"
];
# To enable encryption and let let's encrypt take care of certificate
forceSSL = true;
enableACME = true;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.enableACMEWhether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.acmeFallbackHostHost which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.
With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.acmeRootDirectory for the ACME challenge, which is public. Don't put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.addSSLWhether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.basicAuthBasic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default: { }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.basicAuthFileBasic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.defaultMakes this vhost the default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.extraConfigThese lines go to the end of the vhost verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.forceSSLWhether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.globalRedirectIf set, all requests for this host are redirected permanently to the given hostname.
Type: null or string
Default: null
Example: "newserver.example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.http2Whether to enable HTTP 2. Note that (as of writing) due to nginx's implementation, to disable HTTP 2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2,then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.http3Whether to enable HTTP 3.
This requires using pkgs.nginxQuic package
which can be achieved by setting services.nginx.package = pkgs.nginxQuic;.
Note that HTTP 3 support is experimental and
not yet recommended for production.
Read more at https://quic.nginx.org/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.kTLSWhether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Required Nginx version 1.21.4 or later.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.listenListen addresses and ports for this virtual host.
IPv6 addresses must be enclosed in square brackets.
Note: this option overrides addSSL
and onlySSL.
If you only want to set the addresses manually and not
the ports, take a look at listenAddresses
Type: list of (submodule)
Default: [ ]
Example:
[
{
addr = "195.154.1.1";
port = 443;
ssl = true;
}
{
addr = "192.154.1.1";
port = 80;
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.listen.*.addrIP address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.listen.*.extraParametersExtra parameters of this listen directive.
Type: list of string
Default: [ ]
Example:
[ "backlog=1024" "deferred" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.listen.*.portPort number.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 80
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.listen.*.sslEnable SSL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.listenAddressesListen addresses for this virtual host.
Compared to listen this only sets the addresses
and the ports are chosen automatically.
Note: This option overrides enableIPv6
Type: list of string
Default: [ ]
Example:
[ "127.0.0.1" "[::1]" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.locationsDeclarative location config
Type: attribute set of (submodule)
Default: { }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.locations.<name>.aliasAlias directory for requests.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.locations.<name>.basicAuthBasic Auth protection for a vhost.
WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default: { }
Example:
{
user = "password";
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.locations.<name>.basicAuthFileBasic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.
WARNING: The generate file contains the users' passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.locations.<name>.extraConfigThese lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.locations.<name>.fastcgiParamsFastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won't unset the default values for other parameters.
Type: attribute set of (string or path)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.locations.<name>.indexAdds index directive.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.locations.<name>.priorityOrder of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have
a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.locations.<name>.proxyPassAdds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.locations.<name>.proxyWebsocketsWhether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.locations.<name>.recommendedProxySettingsEnable recommended proxy settings.
Type: boolean
Default: config.services.nginx.recommendedProxySettings
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.locations.<name>.returnAdds a return directive, for e.g. redirections.
Type: null or string
Default: null
Example: "301 http://example.com$request_uri"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.locations.<name>.rootRoot directory for requests.
Type: null or path
Default: null
Example: "/your/root/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.locations.<name>.tryFilesAdds try_files directive.
Type: null or string
Default: null
Example: "$uri =404"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.onlySSLWhether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.rejectSSLWhether to listen for and reject all HTTPS connections to this vhost. Useful in
default
server blocks to avoid serving the certificate for another vhost. Uses the
ssl_reject_handshake directive available in nginx versions
1.19.4 and above.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.reuseportCreate an individual listening socket . It is required to specify only once on one of the hosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.rootThe path of the web root directory.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default: [ ]
Example:
[ "www.example.org" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.serverNameName of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default: null
Example: "example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.sslCertificatePath to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.sslCertificateKeyPath to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.sslTrustedCertificatePath to root SSL certificate for stapling and client certificates.
Type: null or path
Default: null
Example: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.nginx.useACMEHostA host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.poolConfigOptions for the snipe-it PHP pool. See the documentation on php-fpm.conf
for details on configuration directives.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.max_spare_servers" = 4;
"pm.min_spare_servers" = 2;
"pm.start_servers" = 2;
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.snipe-it.userUser snipe-it runs as.
Type: string
Default: "snipeit"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/snipe-it.nix>
|
services.sniproxy.enableWhether to enable sniproxy server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/sniproxy.nix>
|
services.sniproxy.configsniproxy.conf configuration excluding the daemon username and pid file.
Type: strings concatenated with "\n"
Default: ""
Example:
''
error_log {
filename /var/log/sniproxy/error.log
}
access_log {
filename /var/log/sniproxy/access.log
}
listen 443 {
proto tls
}
table {
example.com 192.0.2.10
example.net 192.0.2.20
}
''Declared by:
<nixpkgs/nixos/modules/services/networking/sniproxy.nix>
|
services.sniproxy.groupGroup under which sniproxy runs.
Type: string
Default: "sniproxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/sniproxy.nix>
|
services.sniproxy.userUser account under which sniproxy runs.
Type: string
Default: "sniproxy"
Declared by:
<nixpkgs/nixos/modules/services/networking/sniproxy.nix>
|
services.snowflake-proxy.enableWhether to enable System to defeat internet censorship.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/snowflake-proxy.nix>
|
services.snowflake-proxy.brokerBroker URL (default "https://snowflake-broker.torproject.net/")
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/snowflake-proxy.nix>
|
services.snowflake-proxy.capacityLimits the amount of maximum concurrent clients allowed.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/snowflake-proxy.nix>
|
services.snowflake-proxy.relaywebsocket relay URL (default "wss://snowflake.bamsoftware.com/")
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/snowflake-proxy.nix>
|
services.snowflake-proxy.stunSTUN broker URL (default "stun:stun.stunprotocol.org:3478")
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/snowflake-proxy.nix>
|
services.softether.enableWhether to enable SoftEther VPN services.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
|
services.softether.packagesoftether derivation to use.
Type: package
Default: pkgs.softether
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
|
services.softether.dataDirData directory for SoftEther VPN.
Type: path
Default: "/var/lib/softether"
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
|
services.softether.vpnbridge.enableWhether to enable SoftEther VPN Bridge.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
|
services.softether.vpnclient.enableWhether to enable SoftEther VPN Client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
|
services.softether.vpnclient.downShell commands executed when the Virtual Network Adapter(s) is/are shutting down.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
|
services.softether.vpnclient.upShell commands executed when the Virtual Network Adapter(s) is/are starting.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
|
services.softether.vpnserver.enableWhether to enable SoftEther VPN Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/softether.nix>
|
services.sogo.enableWhether to enable SOGo groupware.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/sogo.nix>
|
services.sogo.configReplacesReplacement-filepath mapping for sogo.conf. Every key is replaced with the contents of the file specified as value.
In the example, every occurrence of LDAP_BINDPW will be replaced with the text of the specified file.
Type: attribute set of string
Default: { }
Example:
{
LDAP_BINDPW = "/var/lib/secrets/sogo/ldappw";
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/sogo.nix>
|
services.sogo.ealarmsCredFileOptional path to a credentials file for email alarms
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/sogo.nix>
|
services.sogo.extraConfigExtra sogo.conf configuration lines
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/sogo.nix>
|
services.sogo.languageLanguage of SOGo
Type: string
Default: "English"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/sogo.nix>
|
services.sogo.timezoneTimezone of your SOGo instance
Type: string
Example: "America/Montreal"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/sogo.nix>
|
services.sogo.vhostNameName of the nginx vhost
Type: string
Default: "sogo"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/sogo.nix>
|
services.soju.enableWhether to enable soju.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
|
services.soju.enableMessageLoggingWhether to enable message logging.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
|
services.soju.acceptProxyIPAllow the specified IPs to act as a proxy. Proxys have the ability to overwrite the remote and local connection addresses (via the X-Forwarded-* HTTP header fields). The special name "localhost" accepts the loopback addresses 127.0.0.0/8 and ::1/128. By default, all IPs are rejected.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
|
services.soju.extraConfigLines added verbatim to the configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
|
services.soju.hostNameServer hostname.
Type: string
Default: config.networking.hostName
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
|
services.soju.httpOriginsList of allowed HTTP origins for WebSocket listeners. The parameters are interpreted as shell patterns, see glob(7).
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
|
services.soju.listenWhere soju should listen for incoming connections. See the
listen directive in
soju(1).
Type: list of string
Default:
[ ":6697" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
|
services.soju.tlsCertificatePath to server TLS certificate.
Type: null or path
Default: null
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
|
services.soju.tlsCertificateKeyPath to server TLS certificate key.
Type: null or path
Default: null
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/networking/soju.nix>
|
services.solanum.enableWhether to enable Solanum IRC daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/solanum.nix>
|
services.solanum.configSolanum IRC daemon configuration file. check https://github.com/solanum-ircd/solanum/blob/main/doc/reference.conf for all options.
Type: string
Default:
''
serverinfo {
name = "irc.example.com";
sid = "1ix";
description = "irc!";
vhost = "0.0.0.0";
vhost6 = "::";
};
listen {
host = "0.0.0.0";
port = 6667;
};
auth {
user = "*@*";
class = "users";
flags = exceed_limit;
};
channel {
default_split_user_count = 0;
};
''Declared by:
<nixpkgs/nixos/modules/services/networking/solanum.nix>
|
services.solanum.motdSolanum MOTD text.
Solanum will read its MOTD from /etc/solanum/ircd.motd.
If set, the value of this option will be written to this path.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/solanum.nix>
|
services.solanum.openFilesLimitMaximum number of open files. Limits the clients and server connections.
Type: signed integer
Default: 1024
Declared by:
<nixpkgs/nixos/modules/services/networking/solanum.nix>
|
services.solr.enableWhether to enable Solr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.packageWhich Solr package to use.
Type: package
Default: pkgs.solr
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.extraJavaOptionsExtra command line options given to the java process running Solr.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.groupGroup under which Solr is ran.
Type: string
Default: "solr"
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.portPort on which Solr is ran.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8983
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.stateDirThe solr home directory containing config, data, and logging files.
Type: path
Default: "/var/lib/solr"
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.solr.userUser under which Solr is ran.
Type: string
Default: "solr"
Declared by:
<nixpkgs/nixos/modules/services/search/solr.nix>
|
services.sonarr.enableWhether to enable Sonarr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sonarr.nix>
|
services.sonarr.packageSonarr package to use.
Type: package
Default: pkgs.sonarr
Declared by:
<nixpkgs/nixos/modules/services/misc/sonarr.nix>
|
services.sonarr.dataDirThe directory where Sonarr stores its data files.
Type: string
Default: "/var/lib/sonarr/.config/NzbDrone"
Declared by:
<nixpkgs/nixos/modules/services/misc/sonarr.nix>
|
services.sonarr.groupGroup under which Sonaar runs.
Type: string
Default: "sonarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/sonarr.nix>
|
services.sonarr.openFirewallOpen ports in the firewall for the Sonarr web interface
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/sonarr.nix>
|
services.sonarr.userUser account under which Sonaar runs.
Type: string
Default: "sonarr"
Declared by:
<nixpkgs/nixos/modules/services/misc/sonarr.nix>
|
services.sourcehut.enableWhether to enable sourcehut - git hosting, continuous integration, mailing list, ticket tracking, wiki and account management services .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.builds.enableWhether to enable builds service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.builds.enableWorkerWhether to enable worker for builds.sr.ht
For smaller deployments, job runners can be installed alongside the master server but even if you only build your own software, integration with other services may cause you to run untrusted builds (e.g. automatic testing of patches via listssrht). See https://man.sr.ht/builds.sr.ht/configuration.md#security-model.
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.builds.groupGroup for builds.sr.ht. Membership grants access to the Git/Mercurial repositories by default, but not to the config.ini file (where secrets are).
Type: string
Default: "buildsrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.builds.gunicorn.extraArgsExtra arguments passed to Gunicorn.
Type: list of string
Default:
[ "--timeout 120" "--workers 1" "--log-level=info" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.builds.imagesImages for builds.sr.ht. Each package should be distro.release.arch and point to a /nix/store/package/root.img.qcow2.
Type: attribute set of attribute set of attribute set of package
Default: { }
Example:
(let
# Pinning unstable to allow usage with flakes and limit rebuilds.
pkgs_unstable = builtins.fetchGit {
url = "https://github.com/NixOS/nixpkgs";
rev = "ff96a0fa5635770390b184ae74debea75c3fd534";
ref = "nixos-unstable";
};
image_from_nixpkgs = (import ("${pkgs.sourcehut.buildsrht}/lib/images/nixos/image.nix") {
pkgs = (import pkgs_unstable {});
});
in
{
nixos.unstable.x86_64 = image_from_nixpkgs;
}
)Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.builds.portPort on which the "builds" backend should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5002
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.builds.postgresql.databasePostgreSQL database name for the builds.sr.ht service,
used if services.sourcehut.postgresql.enable is true.
Type: string
Default: "builds.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.builds.redis.hostThe redis host URL. This is used for caching and temporary storage, and must be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be shared between services. It may be shared between services, however, with no ill effect, if this better suits your infrastructure.
Type: string
Default: "unix:///run/redis-sourcehut-buildsrht/redis.sock?db=0"
Example: "redis://shared.wireguard:6379/0"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.builds.userUser for builds.sr.ht.
Type: string
Default: "buildsrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.git.enableWhether to enable git service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.git.packageGit package for git.sr.ht. This can help silence collisions.
Type: package
Default: pkgs.git
Example: pkgs.gitFull
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.git.fcgiwrap.preforkProcessNumber of fcgiwrap processes to prefork.
Type: signed integer
Default: 4
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.git.groupGroup for git.sr.ht. Membership grants access to the Git/Mercurial repositories by default, but not to the config.ini file (where secrets are).
Type: string
Default: "gitsrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.git.gunicorn.extraArgsExtra arguments passed to Gunicorn.
Type: list of string
Default:
[ "--timeout 120" "--workers 1" "--log-level=info" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.git.portPort on which the "git" backend should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5001
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.git.postgresql.databasePostgreSQL database name for the git.sr.ht service,
used if services.sourcehut.postgresql.enable is true.
Type: string
Default: "git.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.git.redis.hostThe redis host URL. This is used for caching and temporary storage, and must be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be shared between services. It may be shared between services, however, with no ill effect, if this better suits your infrastructure.
Type: string
Default: "unix:///run/redis-sourcehut-gitsrht/redis.sock?db=0"
Example: "redis://shared.wireguard:6379/0"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.git.userUser for git.sr.ht.
Type: string
Default: "gitsrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.git.webhooks.celeryConfigContent of the celeryconfig.py used by the Celery responsible for webhooks.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.git.webhooks.extraArgsExtra arguments passed to the Celery responsible for webhooks.
Type: list of string
Default:
[ "--loglevel DEBUG" "--pool eventlet" "--without-heartbeat" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hg.enableWhether to enable hg service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hg.packageMercurial package for hg.sr.ht. This can help silence collisions.
Type: package
Default: pkgs.mercurial
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hg.cloneBundlesGenerate clonebundles (which require more disk space but dramatically speed up cloning large repositories).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hg.groupGroup for hg.sr.ht. Membership grants access to the Git/Mercurial repositories by default, but not to the config.ini file (where secrets are).
Type: string
Default: "hgsrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hg.gunicorn.extraArgsExtra arguments passed to Gunicorn.
Type: list of string
Default:
[ "--timeout 120" "--workers 1" "--log-level=info" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hg.portPort on which the "hg" backend should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5010
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hg.postgresql.databasePostgreSQL database name for the hg.sr.ht service,
used if services.sourcehut.postgresql.enable is true.
Type: string
Default: "hg.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hg.redis.hostThe redis host URL. This is used for caching and temporary storage, and must be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be shared between services. It may be shared between services, however, with no ill effect, if this better suits your infrastructure.
Type: string
Default: "unix:///run/redis-sourcehut-hgsrht/redis.sock?db=0"
Example: "redis://shared.wireguard:6379/0"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hg.userUser for hg.sr.ht.
Type: string
Default: "hgsrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hg.webhooks.celeryConfigContent of the celeryconfig.py used by the Celery responsible for webhooks.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hg.webhooks.extraArgsExtra arguments passed to the Celery responsible for webhooks.
Type: list of string
Default:
[ "--loglevel DEBUG" "--pool eventlet" "--without-heartbeat" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hub.enableWhether to enable hub service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hub.groupGroup for hub.sr.ht. Membership grants access to the Git/Mercurial repositories by default, but not to the config.ini file (where secrets are).
Type: string
Default: "hubsrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hub.gunicorn.extraArgsExtra arguments passed to Gunicorn.
Type: list of string
Default:
[ "--timeout 120" "--workers 1" "--log-level=info" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hub.portPort on which the "hub" backend should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5014
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hub.postgresql.databasePostgreSQL database name for the hub.sr.ht service,
used if services.sourcehut.postgresql.enable is true.
Type: string
Default: "hub.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hub.redis.hostThe redis host URL. This is used for caching and temporary storage, and must be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be shared between services. It may be shared between services, however, with no ill effect, if this better suits your infrastructure.
Type: string
Default: "unix:///run/redis-sourcehut-hubsrht/redis.sock?db=0"
Example: "redis://shared.wireguard:6379/0"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.hub.userUser for hub.sr.ht.
Type: string
Default: "hubsrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.listenAddressAddress to bind to.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.lists.enableWhether to enable lists service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.lists.groupGroup for lists.sr.ht. Membership grants access to the Git/Mercurial repositories by default, but not to the config.ini file (where secrets are).
Type: string
Default: "listssrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.lists.gunicorn.extraArgsExtra arguments passed to Gunicorn.
Type: list of string
Default:
[ "--timeout 120" "--workers 1" "--log-level=info" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.lists.portPort on which the "lists" backend should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5006
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.lists.postgresql.databasePostgreSQL database name for the lists.sr.ht service,
used if services.sourcehut.postgresql.enable is true.
Type: string
Default: "lists.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.lists.process.celeryConfigContent of the celeryconfig.py used by the Celery of listssrht-process.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.lists.process.extraArgsExtra arguments passed to the Celery responsible for processing mails.
Type: list of string
Default:
[ "--loglevel DEBUG" "--pool eventlet" "--without-heartbeat" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.lists.redis.hostThe redis host URL. This is used for caching and temporary storage, and must be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be shared between services. It may be shared between services, however, with no ill effect, if this better suits your infrastructure.
Type: string
Default: "unix:///run/redis-sourcehut-listssrht/redis.sock?db=0"
Example: "redis://shared.wireguard:6379/0"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.lists.userUser for lists.sr.ht.
Type: string
Default: "listssrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.lists.webhooks.celeryConfigContent of the celeryconfig.py used by the Celery responsible for webhooks.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.lists.webhooks.extraArgsExtra arguments passed to the Celery responsible for webhooks.
Type: list of string
Default:
[ "--loglevel DEBUG" "--pool eventlet" "--without-heartbeat" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.man.enableWhether to enable man service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.man.groupGroup for man.sr.ht. Membership grants access to the Git/Mercurial repositories by default, but not to the config.ini file (where secrets are).
Type: string
Default: "mansrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.man.gunicorn.extraArgsExtra arguments passed to Gunicorn.
Type: list of string
Default:
[ "--timeout 120" "--workers 1" "--log-level=info" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.man.portPort on which the "man" backend should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5004
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.man.postgresql.databasePostgreSQL database name for the man.sr.ht service,
used if services.sourcehut.postgresql.enable is true.
Type: string
Default: "man.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.man.redis.hostThe redis host URL. This is used for caching and temporary storage, and must be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be shared between services. It may be shared between services, however, with no ill effect, if this better suits your infrastructure.
Type: string
Default: "unix:///run/redis-sourcehut-mansrht/redis.sock?db=0"
Example: "redis://shared.wireguard:6379/0"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.man.userUser for man.sr.ht.
Type: string
Default: "mansrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.meta.enableWhether to enable meta service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.meta.groupGroup for meta.sr.ht. Membership grants access to the Git/Mercurial repositories by default, but not to the config.ini file (where secrets are).
Type: string
Default: "metasrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.meta.gunicorn.extraArgsExtra arguments passed to Gunicorn.
Type: list of string
Default:
[ "--timeout 120" "--workers 1" "--log-level=info" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.meta.portPort on which the "meta" backend should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.meta.postgresql.databasePostgreSQL database name for the meta.sr.ht service,
used if services.sourcehut.postgresql.enable is true.
Type: string
Default: "meta.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.meta.redis.hostThe redis host URL. This is used for caching and temporary storage, and must be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be shared between services. It may be shared between services, however, with no ill effect, if this better suits your infrastructure.
Type: string
Default: "unix:///run/redis-sourcehut-metasrht/redis.sock?db=0"
Example: "redis://shared.wireguard:6379/0"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.meta.userUser for meta.sr.ht.
Type: string
Default: "metasrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.meta.webhooks.celeryConfigContent of the celeryconfig.py used by the Celery responsible for webhooks.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.meta.webhooks.extraArgsExtra arguments passed to the Celery responsible for webhooks.
Type: list of string
Default:
[ "--loglevel DEBUG" "--pool eventlet" "--without-heartbeat" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.minio.enableWhether to enable local minio integration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.nginx.enableWhether to enable local nginx integration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.nginx.virtualHostVirtual-host configuration merged with all Sourcehut's virtual-hosts.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.pages.enableWhether to enable pages service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.pages.groupGroup for pages.sr.ht. Membership grants access to the Git/Mercurial repositories by default, but not to the config.ini file (where secrets are).
Type: string
Default: "pagessrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.pages.gunicorn.extraArgsExtra arguments passed to Gunicorn.
Type: list of string
Default:
[ "--timeout 120" "--workers 1" "--log-level=info" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.pages.portPort on which the "pages" backend should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5112
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.pages.postgresql.databasePostgreSQL database name for the pages.sr.ht service,
used if services.sourcehut.postgresql.enable is true.
Type: string
Default: "pages.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.pages.redis.hostThe redis host URL. This is used for caching and temporary storage, and must be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be shared between services. It may be shared between services, however, with no ill effect, if this better suits your infrastructure.
Type: string
Default: "unix:///run/redis-sourcehut-pagessrht/redis.sock?db=0"
Example: "redis://shared.wireguard:6379/0"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.pages.userUser for pages.sr.ht.
Type: string
Default: "pagessrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.paste.enableWhether to enable paste service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.paste.groupGroup for paste.sr.ht. Membership grants access to the Git/Mercurial repositories by default, but not to the config.ini file (where secrets are).
Type: string
Default: "pastesrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.paste.gunicorn.extraArgsExtra arguments passed to Gunicorn.
Type: list of string
Default:
[ "--timeout 120" "--workers 1" "--log-level=info" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.paste.portPort on which the "paste" backend should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5011
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.paste.postgresql.databasePostgreSQL database name for the paste.sr.ht service,
used if services.sourcehut.postgresql.enable is true.
Type: string
Default: "paste.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.paste.redis.hostThe redis host URL. This is used for caching and temporary storage, and must be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be shared between services. It may be shared between services, however, with no ill effect, if this better suits your infrastructure.
Type: string
Default: "unix:///run/redis-sourcehut-pastesrht/redis.sock?db=0"
Example: "redis://shared.wireguard:6379/0"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.paste.userUser for paste.sr.ht.
Type: string
Default: "pastesrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.postfix.enableWhether to enable local postfix integration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.postgresql.enableWhether to enable local postgresql integration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.redis.enableWhether to enable local redis integration in a dedicated redis-server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.servicesServices that may be displayed as links in the title bar of the Web interface.
Type: list of (one of "builds", "git", "hg", "hub", "lists", "man", "meta", "pages", "paste", "todo")
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settingsThe configuration for the sourcehut network.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string) or a non-empty list of them)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."builds.sr.ht".allow-freeWhether to enable nonpaying users to submit builds.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."builds.sr.ht".connection-stringSQLAlchemy connection string for the database.
Type: string
Default: "postgresql:///localhost?user=buildssrht&host=/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."builds.sr.ht".debug-hostAddress to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."builds.sr.ht".debug-portPort to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."builds.sr.ht".migrate-on-upgradeWhether to enable automatic migrations on package upgrade.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."builds.sr.ht".oauth-client-idbuilds.sr.ht's OAuth client id for meta.sr.ht.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."builds.sr.ht".oauth-client-secretbuilds.sr.ht's OAuth client secret for meta.sr.ht.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."builds.sr.ht".originURL builds.sr.ht is being served at (protocol://domain)
Type: string
Default: "https://builds.example.com"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."builds.sr.ht".redisThe Redis connection used for the Celery worker.
Type: string
Default: "redis+socket:///run/redis-sourcehut-buildsrht/redis.sock?virtual_host=2"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."builds.sr.ht".shellScripts used to launch on SSH connection.
/usr/bin/master-shell on master,
/usr/bin/runner-shell on runner.
If master and worker are on the same system
set to /usr/bin/runner-shell.
Type: one of "/usr/bin/master-shell", "/usr/bin/runner-shell"
Default: "/usr/bin/master-shell"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."builds.sr.ht::worker".bind-addressHTTP bind address for serving local build information/monitoring.
Type: string
Default: "localhost:8080"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."builds.sr.ht::worker".buildlogsPath to write build logs.
Type: string
Default: "/var/log/sourcehut/buildsrht-worker"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."builds.sr.ht::worker".nameListening address and listening port of the build runner (with HTTP port if not 80).
Type: string
Default: "localhost:5020"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."builds.sr.ht::worker".timeoutMax build duration. See https://golang.org/pkg/time/#ParseDuration.
Type: string
Default: "3m"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."git.sr.ht".connection-stringSQLAlchemy connection string for the database.
Type: string
Default: "postgresql:///localhost?user=gitsrht&host=/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."git.sr.ht".debug-hostAddress to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."git.sr.ht".debug-portPort to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."git.sr.ht".migrate-on-upgradeWhether to enable automatic migrations on package upgrade.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."git.sr.ht".oauth-client-idgit.sr.ht's OAuth client id for meta.sr.ht.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."git.sr.ht".oauth-client-secretgit.sr.ht's OAuth client secret for meta.sr.ht.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."git.sr.ht".originURL git.sr.ht is being served at (protocol://domain)
Type: string
Default: "https://git.example.com"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."git.sr.ht".outgoing-domainOutgoing domain.
Type: string
Default: "https://git.localhost.localdomain"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."git.sr.ht".post-update-scriptA post-update script which is installed in every git repo. This setting is propagated to newer and existing repositories.
Type: path
Default: "\${pkgs.sourcehut.gitsrht}/bin/gitsrht-update-hook"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."git.sr.ht".reposPath to git repositories on disk. If changing the default, you must ensure that the gitsrht's user as read and write access to it.
Type: string
Default: "/var/lib/sourcehut/gitsrht/repos"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."git.sr.ht".webhooksThe Redis connection used for the webhooks worker.
Type: string
Default: "redis+socket:///run/redis-sourcehut-gitsrht/redis.sock?virtual_host=1"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."git.sr.ht::api".internal-ipnetSet of IP subnets which are permitted to utilize internal API
authentication. This should be limited to the subnets
from which your *.sr.ht services are running.
See services.sourcehut.listenAddress.
Type: list of string
Default:
[ "127.0.0.0/8" "::1/128" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hg.sr.ht".changegroup-scriptA changegroup script which is installed in every mercurial repo. This setting is propagated to newer and existing repositories.
Type: string
Default: "\${cfg.python}/bin/hgsrht-hook-changegroup"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hg.sr.ht".clone_bundle_threshold.hg/store size (in MB) past which the nightly job generates clone bundles.
Type: unsigned integer, meaning >=0
Default: 50
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hg.sr.ht".connection-stringSQLAlchemy connection string for the database.
Type: string
Default: "postgresql:///localhost?user=hgsrht&host=/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hg.sr.ht".debug-hostAddress to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hg.sr.ht".debug-portPort to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hg.sr.ht".hg_sshPath to hg-ssh (if not in $PATH).
Type: string
Default: "\${pkgs.mercurial}/bin/hg-ssh"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hg.sr.ht".migrate-on-upgradeWhether to enable automatic migrations on package upgrade.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hg.sr.ht".oauth-client-idhg.sr.ht's OAuth client id for meta.sr.ht.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hg.sr.ht".oauth-client-secrethg.sr.ht's OAuth client secret for meta.sr.ht.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hg.sr.ht".originURL hg.sr.ht is being served at (protocol://domain)
Type: string
Default: "https://hg.example.com"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hg.sr.ht".reposPath to mercurial repositories on disk. If changing the default, you must ensure that the hgsrht's user as read and write access to it.
Type: string
Default: "/var/lib/sourcehut/hgsrht/repos"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hg.sr.ht".srhtextPath to the srht mercurial extension (defaults to where the hgsrht code is)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hg.sr.ht".webhooksThe Redis connection used for the webhooks worker.
Type: string
Default: "redis+socket:///run/redis-sourcehut-hgsrht/redis.sock?virtual_host=1"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hub.sr.ht".connection-stringSQLAlchemy connection string for the database.
Type: string
Default: "postgresql:///localhost?user=hubsrht&host=/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hub.sr.ht".debug-hostAddress to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hub.sr.ht".debug-portPort to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hub.sr.ht".migrate-on-upgradeWhether to enable automatic migrations on package upgrade.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hub.sr.ht".oauth-client-idhub.sr.ht's OAuth client id for meta.sr.ht.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hub.sr.ht".oauth-client-secrethub.sr.ht's OAuth client secret for meta.sr.ht.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."hub.sr.ht".originURL hub.sr.ht is being served at (protocol://domain)
Type: string
Default: "https://hub.example.com"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."lists.sr.ht".allow-new-listsWhether to enable Allow creation of new lists..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."lists.sr.ht".connection-stringSQLAlchemy connection string for the database.
Type: string
Default: "postgresql:///localhost?user=listssrht&host=/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."lists.sr.ht".debug-hostAddress to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."lists.sr.ht".debug-portPort to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."lists.sr.ht".migrate-on-upgradeWhether to enable automatic migrations on package upgrade.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."lists.sr.ht".notify-fromOutgoing email for notifications generated by users.
Type: string
Default: "lists-notify@localhost.localdomain"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."lists.sr.ht".oauth-client-idlists.sr.ht's OAuth client id for meta.sr.ht.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."lists.sr.ht".oauth-client-secretlists.sr.ht's OAuth client secret for meta.sr.ht.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."lists.sr.ht".originURL lists.sr.ht is being served at (protocol://domain)
Type: string
Default: "https://lists.example.com"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."lists.sr.ht".posting-domainPosting domain.
Type: string
Default: "lists.localhost.localdomain"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."lists.sr.ht".redisThe Redis connection used for the Celery worker.
Type: string
Default: "redis+socket:///run/redis-sourcehut-listssrht/redis.sock?virtual_host=2"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."lists.sr.ht".webhooksThe Redis connection used for the webhooks worker.
Type: string
Default: "redis+socket:///run/redis-sourcehut-listssrht/redis.sock?virtual_host=1"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."lists.sr.ht::worker".reject-mimetypesComma-delimited list of Content-Types to reject. Messages with Content-Types included in this list are rejected. Multipart messages are always supported, and each part is checked against this list.
Uses fnmatch for wildcard expansion.
Type: list of string
Default:
[ "text/html" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."lists.sr.ht::worker".reject-urlReject URL.
Type: string
Default: "https://man.sr.ht/lists.sr.ht/etiquette.md"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."lists.sr.ht::worker".sockPath for the lmtp daemon's unix socket. Direct incoming mail to this socket. Alternatively, specify IP:PORT and an SMTP server will be run instead.
Type: string
Default: "/tmp/lists.sr.ht-lmtp.sock"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."lists.sr.ht::worker".sock-groupThe lmtp daemon will make the unix socket group-read/write for users in this group.
Type: string
Default: "postfix"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings.mail.error-fromAddress sending application exceptions
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings.mail.error-toAddress receiving application exceptions
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings.mail.pgp-key-idOpenPGP key identifier.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings.mail.pgp-privkeyAn absolute file path (which should be outside the Nix-store) to an OpenPGP private key.
Your PGP key information (DO NOT mix up pub and priv here)
You must remove the password from your secret key, if present.
You can do this with gpg --edit-key [key-id],
then use the passwd command and do not enter a new password.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings.mail.pgp-pubkeyOpenPGP public key.
Type: path or string
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings.mail.smtp-fromOutgoing SMTP FROM.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings.mail.smtp-hostOutgoing SMTP host.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings.mail.smtp-passwordOutgoing SMTP password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings.mail.smtp-portOutgoing SMTP port.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings.mail.smtp-userOutgoing SMTP user.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."man.sr.ht".connection-stringSQLAlchemy connection string for the database.
Type: string
Default: "postgresql:///localhost?user=mansrht&host=/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."man.sr.ht".debug-hostAddress to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."man.sr.ht".debug-portPort to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."man.sr.ht".migrate-on-upgradeWhether to enable automatic migrations on package upgrade.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."man.sr.ht".oauth-client-idman.sr.ht's OAuth client id for meta.sr.ht.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."man.sr.ht".oauth-client-secretman.sr.ht's OAuth client secret for meta.sr.ht.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."man.sr.ht".originURL man.sr.ht is being served at (protocol://domain)
Type: string
Default: "https://man.example.com"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."meta.sr.ht".api-originOrigin URL for API, 100 more than web.
Type: string
Default: "http://${services.sourcehut.listenAddress}:${toString (services.sourcehut.meta.port+ 100)}"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."meta.sr.ht".connection-stringSQLAlchemy connection string for the database.
Type: string
Default: "postgresql:///localhost?user=metasrht&host=/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."meta.sr.ht".debug-hostAddress to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."meta.sr.ht".debug-portPort to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."meta.sr.ht".migrate-on-upgradeWhether to enable automatic migrations on package upgrade.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."meta.sr.ht".originURL meta.sr.ht is being served at (protocol://domain)
Type: string
Default: "https://meta.example.com"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."meta.sr.ht".webhooksThe Redis connection used for the webhooks worker.
Type: string
Default: "redis+socket:///run/redis-sourcehut-metasrht/redis.sock?virtual_host=1"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."meta.sr.ht".welcome-emailsWhether to enable sending stock sourcehut welcome emails after signup.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."meta.sr.ht::aliases"Aliases for the client IDs of commonly used OAuth clients.
Type: attribute set of signed integer
Default: { }
Example:
{
"git.sr.ht" = 12345;
}Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."meta.sr.ht::api".internal-ipnetSet of IP subnets which are permitted to utilize internal API
authentication. This should be limited to the subnets
from which your *.sr.ht services are running.
See services.sourcehut.listenAddress.
Type: list of string
Default:
[ "127.0.0.0/8" "::1/128" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."meta.sr.ht::billing".enabledWhether to enable the billing system.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."meta.sr.ht::billing".stripe-public-keyPublic key for Stripe. Get your keys at https://dashboard.stripe.com/account/apikeys
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."meta.sr.ht::billing".stripe-secret-keyAn absolute file path (which should be outside the Nix-store) to a secret key for Stripe. Get your keys at https://dashboard.stripe.com/account/apikeys
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."meta.sr.ht::settings".onboarding-redirectWhere to redirect new users upon registration.
Type: string
Default: "https://meta.localhost.localdomain"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."meta.sr.ht::settings".registrationWhether to enable public registration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."meta.sr.ht::settings".user-invitesHow many invites each user is issued upon registration (only applicable if open registration is disabled).
Type: unsigned integer, meaning >=0
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings.objects.s3-access-keyAccess key to the S3-compatible object storage service
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings.objects.s3-secret-keyAn absolute file path (which should be outside the Nix-store) to the secret key of the S3-compatible object storage service.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings.objects.s3-upstreamConfigure the S3-compatible object storage service.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."pages.sr.ht".connection-stringSQLAlchemy connection string for the database.
Type: string
Default: "postgresql:///localhost?user=pagessrht&host=/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."pages.sr.ht".debug-hostAddress to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."pages.sr.ht".debug-portPort to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."pages.sr.ht".gemini-certsAn absolute file path (which should be outside the Nix-store) to Gemini certificates.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."pages.sr.ht".max-site-sizeMaximum size of any given site (post-gunzip), in MiB.
Type: signed integer
Default: 1024
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."pages.sr.ht".migrate-on-upgradeWhether to enable automatic migrations on package upgrade.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."pages.sr.ht".oauth-client-idpages.sr.ht's OAuth client id for meta.sr.ht.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."pages.sr.ht".oauth-client-secretpages.sr.ht's OAuth client secret for meta.sr.ht.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."pages.sr.ht".originURL pages.sr.ht is being served at (protocol://domain)
Type: string
Default: "https://pages.example.com"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."pages.sr.ht".user-domainConfigures the user domain, if enabled. All users are given <username>.this.domain.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."pages.sr.ht::api".internal-ipnetSet of IP subnets which are permitted to utilize internal API
authentication. This should be limited to the subnets
from which your *.sr.ht services are running.
See services.sourcehut.listenAddress.
Type: list of string
Default:
[ "127.0.0.0/8" "::1/128" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."paste.sr.ht".connection-stringSQLAlchemy connection string for the database.
Type: string
Default: "postgresql:///localhost?user=pastesrht&host=/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."paste.sr.ht".debug-hostAddress to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."paste.sr.ht".debug-portPort to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."paste.sr.ht".migrate-on-upgradeWhether to enable automatic migrations on package upgrade.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."paste.sr.ht".oauth-client-idpaste.sr.ht's OAuth client id for meta.sr.ht.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."paste.sr.ht".oauth-client-secretpaste.sr.ht's OAuth client secret for meta.sr.ht.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."paste.sr.ht".originURL paste.sr.ht is being served at (protocol://domain)
Type: string
Default: "https://paste.example.com"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."sr.ht".environmentValues other than "production" adds a banner to each page.
Type: one of "development", "production"
Default: "development"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."sr.ht".global-domainGlobal domain name.
Type: string
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."sr.ht".network-keyAn absolute file path (which should be outside the Nix-store)
to a secret key to encrypt internal messages with. Use srht-keygen network to
generate this key. It must be consistent between all services and nodes.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."sr.ht".owner-emailOwner's email.
Type: string
Default: "contact@example.com"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."sr.ht".owner-nameOwner's name.
Type: string
Default: "John Doe"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."sr.ht".service-keyAn absolute file path (which should be outside the Nix-store)
to a key used for encrypting session cookies. Use srht-keygen service to
generate the service key. This must be shared between each node of the same
service (e.g. git1.sr.ht and git2.sr.ht), but different services may use
different keys. If you configure all of your services with the same
config.ini, you may use the same service-key for all of them.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."sr.ht".site-blurbBlurb for your site.
Type: string
Default: "the hacker's forge"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."sr.ht".site-infoThe top-level info page for your site.
Type: string
Default: "https://sourcehut.org"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."sr.ht".site-nameThe name of your network of sr.ht-based sites.
Type: string
Default: "sourcehut"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."sr.ht".source-urlThe source code for your fork of sr.ht.
Type: string
Default: "https://git.sr.ht/~sircmpwn/srht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."todo.sr.ht".connection-stringSQLAlchemy connection string for the database.
Type: string
Default: "postgresql:///localhost?user=todosrht&host=/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."todo.sr.ht".debug-hostAddress to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."todo.sr.ht".debug-portPort to bind the debug server to.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."todo.sr.ht".migrate-on-upgradeWhether to enable automatic migrations on package upgrade.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."todo.sr.ht".notify-fromOutgoing email for notifications generated by users.
Type: string
Default: "todo-notify@localhost.localdomain"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."todo.sr.ht".oauth-client-idtodo.sr.ht's OAuth client id for meta.sr.ht.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."todo.sr.ht".oauth-client-secrettodo.sr.ht's OAuth client secret for meta.sr.ht.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."todo.sr.ht".originURL todo.sr.ht is being served at (protocol://domain)
Type: string
Default: "https://todo.example.com"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."todo.sr.ht".webhooksThe Redis connection used for the webhooks worker.
Type: string
Default: "redis+socket:///run/redis-sourcehut-todosrht/redis.sock?virtual_host=1"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."todo.sr.ht::mail".posting-domainPosting domain.
Type: string
Default: "todo.localhost.localdomain"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."todo.sr.ht::mail".sockPath for the lmtp daemon's unix socket. Direct incoming mail to this socket. Alternatively, specify IP:PORT and an SMTP server will be run instead.
Type: string
Default: "/tmp/todo.sr.ht-lmtp.sock"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings."todo.sr.ht::mail".sock-groupThe lmtp daemon will make the unix socket group-read/write for users in this group.
Type: string
Default: "postfix"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.settings.webhooks.private-keyAn absolute file path (which should be outside the Nix-store)
to a base64-encoded Ed25519 key for signing webhook payloads.
This should be consistent for all *.sr.ht sites,
as this key will be used to verify signatures
from other sites in your network.
Use the srht-keygen webhook command to generate a key.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.todo.enableWhether to enable todo service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.todo.groupGroup for todo.sr.ht. Membership grants access to the Git/Mercurial repositories by default, but not to the config.ini file (where secrets are).
Type: string
Default: "todosrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.todo.gunicorn.extraArgsExtra arguments passed to Gunicorn.
Type: list of string
Default:
[ "--timeout 120" "--workers 1" "--log-level=info" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.todo.portPort on which the "todo" backend should listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5003
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.todo.postgresql.databasePostgreSQL database name for the todo.sr.ht service,
used if services.sourcehut.postgresql.enable is true.
Type: string
Default: "todo.sr.ht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.todo.redis.hostThe redis host URL. This is used for caching and temporary storage, and must be shared between nodes (e.g. git1.sr.ht and git2.sr.ht), but need not be shared between services. It may be shared between services, however, with no ill effect, if this better suits your infrastructure.
Type: string
Default: "unix:///run/redis-sourcehut-todosrht/redis.sock?db=0"
Example: "redis://shared.wireguard:6379/0"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.todo.userUser for todo.sr.ht.
Type: string
Default: "todosrht"
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.todo.webhooks.celeryConfigContent of the celeryconfig.py used by the Celery responsible for webhooks.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.sourcehut.todo.webhooks.extraArgsExtra arguments passed to the Celery responsible for webhooks.
Type: list of string
Default:
[ "--loglevel DEBUG" "--pool eventlet" "--without-heartbeat" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/sourcehut>
|
services.spacecookie.enableWhether to enable spacecookie.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
|
services.spacecookie.packageThe spacecookie derivation to use. This can be used to override the used package or to use another version.
Type: package
Default: pkgs.spacecookie
Example: pkgs.haskellPackages.spacecookie
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
|
services.spacecookie.addressAddress to listen on. Must be in the
ListenStream= syntax of
systemd.socket(5).
Type: string
Default: "[::]"
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
|
services.spacecookie.openFirewallWhether to open the necessary port in the firewall for spacecookie.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
|
services.spacecookie.portPort the gopher service should be exposed on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 70
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
|
services.spacecookie.settingsSettings for spacecookie. The settings set here are directly translated to the spacecookie JSON config file. See spacecookie.json(5) for explanations of all options.
Type: JSON value
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
|
services.spacecookie.settings.hostnameThe hostname the service is reachable via. Clients will use this hostname for further requests after loading the initial gopher menu.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
|
services.spacecookie.settings.log.enableWhether to enable logging for spacecookie.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
|
services.spacecookie.settings.log.hide-ipsIf enabled, spacecookie will hide personal information of users like IP addresses from log output.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
|
services.spacecookie.settings.log.hide-timeIf enabled, spacecookie will not print timestamps at the beginning of every log line.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
|
services.spacecookie.settings.log.levelLog level for the spacecookie service.
Type: one of "info", "warn", "error"
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
|
services.spacecookie.settings.rootThe directory spacecookie should serve via gopher.
Files in there need to be world-readable since
the spacecookie service file sets
DynamicUser=true.
Type: path
Default: "/srv/gopher"
Declared by:
<nixpkgs/nixos/modules/services/networking/spacecookie.nix>
|
services.spamassassin.enableWhether to enable the SpamAssassin daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/spamassassin.nix>
|
services.spamassassin.configThe SpamAssassin local.cf config
If you are using this configuration:
add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_
Then you can Use this sieve filter:
require ["fileinto", "reject", "envelope"];
if header :contains "X-Spam-Flag" "YES" {
fileinto "spam";
}
Or this procmail filter:
:0: * ^X-Spam-Flag: YES /var/vpopmail/domains/lastlog.de/js/.maildir/.spam/new
To filter your messages based on the additional mail headers added by spamassassin.
Type: strings concatenated with "\n"
Default: ""
Example:
'' #rewrite_header Subject [***** SPAM _SCORE_ *****] required_score 5.0 use_bayes 1 bayes_auto_learn 1 add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_ ''
Declared by:
<nixpkgs/nixos/modules/services/mail/spamassassin.nix>
|
services.spamassassin.debugWhether to run the SpamAssassin daemon in debug mode
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/mail/spamassassin.nix>
|
services.spamassassin.initPreConfThe SpamAssassin init.pre config.
Type: string or path
Default:
'' # # to update this list, run this command in the rules directory: # grep 'loadplugin.*Mail::SpamAssassin::Plugin::.*' -o -h * | sort | uniq # #loadplugin Mail::SpamAssassin::Plugin::AccessDB #loadplugin Mail::SpamAssassin::Plugin::AntiVirus loadplugin Mail::SpamAssassin::Plugin::AskDNS # loadplugin Mail::SpamAssassin::Plugin::ASN loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold #loadplugin Mail::SpamAssassin::Plugin::AWL loadplugin Mail::SpamAssassin::Plugin::Bayes loadplugin Mail::SpamAssassin::Plugin::BodyEval loadplugin Mail::SpamAssassin::Plugin::Check #loadplugin Mail::SpamAssassin::Plugin::DCC loadplugin Mail::SpamAssassin::Plugin::DKIM loadplugin Mail::SpamAssassin::Plugin::DNSEval loadplugin Mail::SpamAssassin::Plugin::FreeMail loadplugin Mail::SpamAssassin::Plugin::Hashcash loadplugin Mail::SpamAssassin::Plugin::HeaderEval loadplugin Mail::SpamAssassin::Plugin::HTMLEval loadplugin Mail::SpamAssassin::Plugin::HTTPSMismatch loadplugin Mail::SpamAssassin::Plugin::ImageInfo loadplugin Mail::SpamAssassin::Plugin::MIMEEval loadplugin Mail::SpamAssassin::Plugin::MIMEHeader # loadplugin Mail::SpamAssassin::Plugin::PDFInfo #loadplugin Mail::SpamAssassin::Plugin::PhishTag loadplugin Mail::SpamAssassin::Plugin::Pyzor loadplugin Mail::SpamAssassin::Plugin::Razor2 # loadplugin Mail::SpamAssassin::Plugin::RelayCountry loadplugin Mail::SpamAssassin::Plugin::RelayEval loadplugin Mail::SpamAssassin::Plugin::ReplaceTags # loadplugin Mail::SpamAssassin::Plugin::Rule2XSBody # loadplugin Mail::SpamAssassin::Plugin::Shortcircuit loadplugin Mail::SpamAssassin::Plugin::SpamCop loadplugin Mail::SpamAssassin::Plugin::SPF #loadplugin Mail::SpamAssassin::Plugin::TextCat # loadplugin Mail::SpamAssassin::Plugin::TxRep loadplugin Mail::SpamAssassin::Plugin::URIDetail loadplugin Mail::SpamAssassin::Plugin::URIDNSBL loadplugin Mail::SpamAssassin::Plugin::URIEval # loadplugin Mail::SpamAssassin::Plugin::URILocalBL loadplugin Mail::SpamAssassin::Plugin::VBounce loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject loadplugin Mail::SpamAssassin::Plugin::WLBLEval ''
Declared by:
<nixpkgs/nixos/modules/services/mail/spamassassin.nix>
|
services.spark.packageSpark package.
Type: package
Default: pkgs.spark
Example:
pkgs.spark.overrideAttrs (super: rec {
pname = "spark";
version = "2.4.4";
src = pkgs.fetchzip {
url = "mirror://apache/spark/"${pname}-${version}/${pname}-${version}-bin-without-hadoop.tgz";
sha256 = "1a9w5k0207fysgpxx6db3a00fs5hdc2ncx99x4ccy2s0v5ndc66g";
};
})Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
|
services.spark.confDirSpark configuration directory. Spark will use the configuration files (spark-defaults.conf, spark-env.sh, log4j.properties, etc) from this directory.
Type: path
Default: "${package}/lib/${package.untarDir}/conf"
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
|
services.spark.logDirSpark log directory.
Type: path
Default: "/var/log/spark"
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
|
services.spark.master.enableWhether to enable Spark master service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
|
services.spark.master.bindAddress the spark master binds to.
Type: string
Default: "127.0.0.1"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
|
services.spark.master.extraEnvironmentExtra environment variables to pass to spark master. See spark-standalone documentation.
Type: attribute set of string
Default: { }
Example:
{
SPARK_MASTER_OPTS = "-Dspark.deploy.defaultCores=5";
SPARK_MASTER_WEBUI_PORT = 8181;
}Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
|
services.spark.master.restartIfChangedAutomatically restart master service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
|
services.spark.worker.enableWhether to enable Spark worker service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
|
services.spark.worker.extraEnvironmentExtra environment variables to pass to spark worker.
Type: attribute set of string
Default: { }
Example:
{
SPARK_WORKER_CORES = 5;
SPARK_WORKER_MEMORY = "2g";
}Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
|
services.spark.worker.masterAddress of the spark master.
Type: string
Default: "127.0.0.1:7077"
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
|
services.spark.worker.restartIfChangedAutomatically restart worker service on config change. This can be set to false to defer restarts on clusters running critical applications. Please consider the security implications of inadvertently running an older version, and the possibility of unexpected behavior caused by inconsistent versions across a cluster when disabling this option.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
|
services.spark.worker.workDirSpark worker work dir.
Type: path
Default: "/var/lib/spark"
Declared by:
<nixpkgs/nixos/modules/services/cluster/spark/default.nix>
|
services.spice-vdagentd.enableWhether to enable Spice guest vdagent daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/spice-vdagentd.nix>
|
services.spice-webdavd.enableWhether to enable the spice guest webdav proxy daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/spice-webdavd.nix>
|
services.spice-webdavd.packagespice-webdavd provider package to use.
Type: package
Default: pkgs.phodav
Declared by:
<nixpkgs/nixos/modules/services/misc/spice-webdavd.nix>
|
services.spiped.enableEnable the spiped service module.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.configConfiguration for a secure pipe daemon. The daemon can be
started, stopped, or examined using
systemctl, under the name
spiped@foo.
Type: attribute set of (submodule)
Default: { }
Example:
{
pipe1 =
{ keyfile = "/var/lib/spiped/pipe1.key";
encrypt = true;
source = "localhost:6000";
target = "endpoint.example.com:7000";
};
pipe2 =
{ keyfile = "/var/lib/spiped/pipe2.key";
decrypt = true;
source = "0.0.0.0:7000";
target = "localhost:3000";
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.decryptTake encrypted connections from the
source socket and send unencrypted
connections to the target socket.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.disableKeepalivesDisable transport layer keep-alives.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.disableReresolutionDisable target address re-resolution.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.encryptTake unencrypted connections from the
source socket and send encrypted
connections to the target socket.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.keyfileName of a file containing the spiped key. As the
daemon runs as the spiped user, the
key file must be somewhere owned by that user. By
default, we recommend putting the keys for any spipe
services in /var/lib/spiped.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.maxConnsLimit on the number of simultaneous connections allowed.
Type: signed integer
Default: 100
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.resolveRefreshResolution refresh time for the target socket, in seconds.
Type: signed integer
Default: 60
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.sourceAddress on which spiped should listen for incoming
connections. Must be in one of the following formats:
/absolute/path/to/unix/socket,
host.name:port,
[ip.v4.ad.dr]:port or
[ipv6::addr]:port - note that
hostnames are resolved when spiped is launched and are
not re-resolved later; thus if DNS entries change
spiped will continue to connect to the expired
address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.targetAddress to which spiped should connect.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.timeoutTimeout, in seconds, after which an attempt to connect to the target or a protocol handshake will be aborted (and the connection dropped) if not completed
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.waitForDNSWait for DNS. Normally when spiped is
launched it resolves addresses and binds to its source
socket before the parent process returns; with this option
it will daemonize first and retry failed DNS lookups until
they succeed. This allows spiped to
launch even if DNS isn't set up yet, but at the expense of
losing the guarantee that once spiped has
finished launching it will be ready to create pipes.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spiped.config.<name>.weakHandshakeUse fast/weak handshaking: This reduces the CPU time spent in the initial connection setup, at the expense of losing perfect forward secrecy.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/spiped.nix>
|
services.spotifyd.enableWhether to enable spotifyd, a Spotify playing daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/spotifyd.nix>
|
services.spotifyd.config(Deprecated) Configuration for Spotifyd. For syntax and directives, see https://github.com/Spotifyd/spotifyd#Configuration.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/audio/spotifyd.nix>
|
services.spotifyd.settingsConfiguration for Spotifyd. For syntax and directives, see https://github.com/Spotifyd/spotifyd#Configuration.
Type: TOML value
Default: { }
Example:
{
global = {
bitrate = 320;
};
}Declared by:
<nixpkgs/nixos/modules/services/audio/spotifyd.nix>
|
services.squeezelite.enableWhether to enable Squeezelite, a software Squeezebox emulator.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/squeezelite.nix>
|
services.squeezelite.extraArgumentsAdditional command line arguments to pass to Squeezelite.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/audio/squeezelite.nix>
|
services.squeezelite.pulseAudioWhether to enable pulseaudio support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/squeezelite.nix>
|
services.squid.enableWhether to run squid web proxy.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/squid.nix>
|
services.squid.packageSquid package to use.
Type: package
Default: pkgs.squid
Declared by:
<nixpkgs/nixos/modules/services/networking/squid.nix>
|
services.squid.configTextVerbatim contents of squid.conf. If null (default), use the autogenerated file from NixOS instead.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/squid.nix>
|
services.squid.extraConfigSquid configuration. Contents will be added verbatim to the configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/squid.nix>
|
services.squid.proxyAddressIP address on which squid will listen.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/squid.nix>
|
services.squid.proxyPortTCP port on which squid will listen.
Type: signed integer
Default: 3128
Declared by:
<nixpkgs/nixos/modules/services/networking/squid.nix>
|
services.sshd.enableAlias of services.openssh.enable.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
services.sshguard.enableWhether to enable the sshguard service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
|
services.sshguard.attack_thresholdBlock attackers when their cumulative attack score exceeds threshold. Most attacks have a score of 10.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
|
services.sshguard.blacklist_fileBlacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist-file.
Type: path
Default: "/var/lib/sshguard/blacklist.db"
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
|
services.sshguard.blacklist_thresholdBlacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist-file.
Type: null or signed integer
Default: null
Example: 120
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
|
services.sshguard.blocktimeBlock attackers for initially blocktime seconds after exceeding threshold. Subsequent blocks increase by a factor of 1.5.
sshguard unblocks attacks at random intervals, so actual block times will be longer.
Type: signed integer
Default: 120
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
|
services.sshguard.detection_timeRemember potential attackers for up to detection_time seconds before resetting their score.
Type: signed integer
Default: 1800
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
|
services.sshguard.servicesSystemd services sshguard should receive logs of.
Type: list of string
Default:
[ "sshd" ]
Example:
[ "sshd" "exim" ]
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
|
services.sshguard.whitelistWhitelist a list of addresses, hostnames, or address blocks.
Type: list of string
Default: [ ]
Example:
[ "198.51.100.56" "198.51.100.2" ]
Declared by:
<nixpkgs/nixos/modules/services/security/sshguard.nix>
|
services.sslh.enableWhether to enable sslh.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
|
services.sslh.appendConfigVerbatim configuration file.
Type: string
Default:
''
protocols:
(
{ name: "ssh"; service: "ssh"; host: "localhost"; port: "22"; probe: "builtin"; },
{ name: "openvpn"; host: "localhost"; port: "1194"; probe: "builtin"; },
{ name: "xmpp"; host: "localhost"; port: "5222"; probe: "builtin"; },
{ name: "http"; host: "localhost"; port: "80"; probe: "builtin"; },
{ name: "tls"; host: "localhost"; port: "443"; probe: "builtin"; },
{ name: "anyprot"; host: "localhost"; port: "443"; probe: "builtin"; }
);
''Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
|
services.sslh.listenAddressesListening addresses or hostnames.
Type: (list of string) or string convertible to it
Default:
[ "0.0.0.0" "[::]" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
|
services.sslh.portListening port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 443
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
|
services.sslh.timeoutTimeout in seconds.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
|
services.sslh.transparentWill the services behind sslh (Apache, sshd and so on) see the external IP and ports as if the external world connected directly to them
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
|
services.sslh.verboseVerbose logs.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/sslh.nix>
|
services.sslmate-agent.enableWhether to enable sslmate-agent, a daemon for managing SSL/TLS certificates on a server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/sslmate-agent.nix>
|
services.ssm-agent.enableWhether to enable AWS SSM agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/ssm-agent.nix>
|
services.ssm-agent.packageThe SSM agent package to use
Type: path
Default: pkgs.ssm-agent.override { overrideEtc = false; }
Declared by:
<nixpkgs/nixos/modules/services/misc/ssm-agent.nix>
|
services.sssd.enableWhether to enable the System Security Services Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sssd.nix>
|
services.sssd.configContents of sssd.conf.
Type: strings concatenated with "\n"
Default:
'' [sssd] config_file_version = 2 services = nss, pam domains = shadowutils [nss] [pam] [domain/shadowutils] id_provider = proxy proxy_lib_name = files auth_provider = proxy proxy_pam_target = sssd-shadowutils proxy_fast_alias = True ''
Declared by:
<nixpkgs/nixos/modules/services/misc/sssd.nix>
|
services.sssd.environmentFileEnvironment file as defined in systemd.exec(5).
Secrets may be passed to the service without adding them to the world-readable Nix store, by specifying placeholder variables as the option value in Nix and setting these variables accordingly in the environment file.
# snippet of sssd-related config [domain/LDAP] ldap_default_authtok = $SSSD_LDAP_DEFAULT_AUTHTOK
# contents of the environment file SSSD_LDAP_DEFAULT_AUTHTOK=verysecretpassword
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/sssd.nix>
|
services.sssd.kcmWhether to use SSS as a Kerberos Cache Manager (KCM). Kerberos will be configured to cache credentials in SSS.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/sssd.nix>
|
services.sssd.sshAuthorizedKeysIntegrationWhether to make sshd look up authorized keys from SSS.
For this to work, the ssh SSS service must be enabled in the sssd configuration.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/sssd.nix>
|
services.step-ca.enableWhether to enable the smallstep certificate authority server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/step-ca.nix>
|
services.step-ca.packageWhich step-ca package to use.
Type: package
Default: pkgs.step-ca
Declared by:
<nixpkgs/nixos/modules/services/security/step-ca.nix>
|
services.step-ca.addressThe address (without port) the certificate authority should listen at.
This combined with services.step-ca.port overrides services.step-ca.settings.address.
Type: string
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/security/step-ca.nix>
|
services.step-ca.intermediatePasswordFilePath to the file containing the password for the intermediate certificate private key.
Make sure to use a quoted absolute path instead of a path literal to prevent it from being copied to the globally readable Nix store.
Type: path
Example: "/run/keys/smallstep-password"
Declared by:
<nixpkgs/nixos/modules/services/security/step-ca.nix>
|
services.step-ca.openFirewallWhether to enable opening the certificate authority server port.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/step-ca.nix>
|
services.step-ca.portThe port the certificate authority should listen on.
This combined with services.step-ca.address overrides services.step-ca.settings.address.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Example: 8443
Declared by:
<nixpkgs/nixos/modules/services/security/step-ca.nix>
|
services.step-ca.settingsSettings that go into ca.json. See
the step-ca manual
for more information. The easiest way to
configure this module would be to run step ca init
to generate ca.json and then import it using
builtins.fromJSON.
This article
may also be useful if you want to customize certain aspects of
certificate generation for your CA.
You need to change the database storage path to /var/lib/step-ca/db.
The services.step-ca.settings.address option
will be ignored and overwritten by
services.step-ca.address and
services.step-ca.port.
Type: attribute set of anything
Declared by:
<nixpkgs/nixos/modules/services/security/step-ca.nix>
|
services.stratis.enableWhether to enable Stratis Storage - Easy to use local storage management for Linux.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/tasks/stratis.nix>
|
services.strongswan.enableWhether to enable strongSwan.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
|
services.strongswan.enabledPluginsA list of additional plugins to enable if
managePlugins is true.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
|
services.strongswan.caA set of CAs (certification authorities) and their options for
the ‘ca xxx’ sections of the ipsec.conf
file.
Type: attribute set of attribute set of string
Default: { }
Example:
{
strongswan = {
auto = "add";
cacert = "/run/keys/strongswanCert.pem";
crluri = "http://crl2.strongswan.org/strongswan.crl";
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
|
services.strongswan.connectionsA set of connections and their options for the ‘conn xxx’
sections of the ipsec.conf file.
Type: attribute set of attribute set of string
Default: { }
Example:
{
"%default" = {
keyexchange = "ikev2";
keyingtries = "1";
};
roadwarrior = {
auto = "add";
leftcert = "/run/keys/moonCert.pem";
leftid = "@moon.strongswan.org";
leftsubnet = "10.1.0.0/16";
right = "%any";
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
|
services.strongswan.managePluginsIf set to true, this option will disable automatic plugin loading and
then tell strongSwan to enable the plugins specified in the
enabledPlugins option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
|
services.strongswan.secretsA list of paths to IPSec secret files. These
files will be included into the main ipsec.secrets file with
the include directive. It is safer if these
paths are absolute.
Type: list of string
Default: [ ]
Example:
[ "/run/keys/ipsec-foo.secret" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
|
services.strongswan.setupA set of options for the ‘config setup’ section of the
ipsec.conf file. Defines general
configuration parameters.
Type: attribute set of string
Default: { }
Example:
{
cachecrls = "yes";
strictcrlpolicy = "yes";
}Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan.nix>
|
services.strongswan-swanctl.enableWhether to enable strongswan-swanctl service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.packageThe strongswan derivation to use.
Type: package
Default: pkgs.strongswan
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.strongswan.extraConfigContents of the strongswan.conf file.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authoritiesSection defining complementary attributes of certification authorities, each in its own subsection with an arbitrary yet unique name
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authorities.<name>.cacertThe certificates may use a relative path from the swanctl
x509ca directory or an absolute path.
Configure one of cacert,
file, or
handle per section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authorities.<name>.cert_uri_baseDefines the base URI for the Hash and URL feature supported by IKEv2. Instead of exchanging complete certificates, IKEv2 allows one to send an URI that resolves to the DER encoded certificate. The certificate URIs are built by appending the SHA1 hash of the DER encoded certificates to this base URI.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authorities.<name>.crl_urisList of CRL distribution points (ldap, http, or file URI).
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authorities.<name>.fileAbsolute path to the certificate to load. Passed as-is to the daemon, so it must be readable by it.
Configure either this or handle, but not both, in one section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authorities.<name>.handleHex-encoded CKA_ID or handle of the certificate on a token or TPM, respectively.
Configure either this or file, but not both, in one section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authorities.<name>.moduleOptional PKCS#11 module name.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authorities.<name>.ocsp_urisList of OCSP URIs.
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.authorities.<name>.slotOptional slot number of the token that stores the certificate.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connectionsSection defining IKE connection configurations, each in its own subsection with an arbitrary yet unique name
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.aggressiveEnables Aggressive Mode instead of Main Mode with Identity Protection. Aggressive Mode is considered less secure, because the ID and HASH payloads are exchanged unprotected. This allows a passive attacker to snoop peer identities, and even worse, start dictionary attacks on the Preshared Key.
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.childlessUse childless IKE_SA initiation (RFC 6023) for IKEv2. Acceptable values
are allow (the default), force and
never. If set to allow, responders
will accept childless IKE_SAs (as indicated via notify in the IKE_SA_INIT
response) while initiators continue to create regular IKE_SAs with the
first CHILD_SA created during IKE_AUTH, unless the IKE_SA is initiated
explicitly without any children (which will fail if the responder does not
support or has disabled this extension). If set to
force, only childless initiation is accepted and the
first CHILD_SA is created with a separate CREATE_CHILD_SA exchange
(e.g. to use an independent DH exchange for all CHILD_SAs). Finally,
setting the option to never disables support for
childless IKE_SAs as responder.
StrongSwan default: "allow"
Type: null or one of "allow", "force", "never"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.childrenCHILD_SA configuration sub-section. Each connection definition may have
one or more sections in its children subsection. The
section name defines the name of the CHILD_SA configuration, which must be
unique within the connection (denoted <child> below).
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ah_proposalsAH proposals to offer for the CHILD_SA. A proposal is a set of algorithms. For AH, this includes an integrity algorithm and an optional Diffie-Hellman group. If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial negotiation uses a separate Diffie-Hellman exchange using the specified group (refer to esp_proposals for details).
In IKEv2, multiple algorithms of the same kind can be specified in a single proposal, from which one gets selected. In IKEv1, only one algorithm per kind is allowed per proposal, more algorithms get implicitly stripped. Use multiple proposals to offer different algorithms combinations in IKEv1.
Algorithm keywords get separated using dashes. Multiple proposals may be
specified in a list. The special value default forms
a default proposal of supported algorithms considered safe, and is
usually a good choice for interoperability. By default no AH proposals
are included, instead ESP is proposed.
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.close_actionAction to perform after a CHILD_SA gets closed by the peer.
The default of none does not take any action,
trap installs a trap policy for the CHILD_SA.
start tries to re-create the CHILD_SA.
close_action does not provide any guarantee that the
CHILD_SA is kept alive. It acts on explicit close messages only, but not
on negotiation failures. Use trap policies to reliably re-create failed
CHILD_SAs.
StrongSwan default: "none"
Type: null or one of "none", "trap", "start"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_dfWhether to copy the DF bit to the outer IPv4 header in tunnel mode. This effectively disables Path MTU discovery (PMTUD). Controlling this behavior is not supported by all kernel interfaces.
StrongSwan default: true
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_dscpWhether to copy the DSCP (Differentiated Services Field Codepoint)
header field to/from the outer IP header in tunnel mode. The value
out only copies the field from the inner to the outer
header, the value in does the opposite and only
copies the field from the outer to the inner header when decapsulating,
the value yes copies the field in both directions,
and the value no disables copying the field
altogether. Setting this to yes or
in could allow an attacker to adversely affect other
traffic at the receiver, which is why the default is
out. Controlling this behavior is not supported by
all kernel interfaces.
StrongSwan default: "out"
Type: null or one of "out", "in", "yes", "no"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.copy_ecnWhether to copy the ECN (Explicit Congestion Notification) header field to/from the outer IP header in tunnel mode. Controlling this behavior is not supported by all kernel interfaces.
StrongSwan default: true
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.dpd_actionAction to perform for this CHILD_SA on DPD timeout. The default clear closes the CHILD_SA and does not take further action. trap installs a trap policy, which will catch matching traffic and tries to re-negotiate the tunnel on-demand. restart immediately tries to re-negotiate the CHILD_SA under a fresh IKE_SA.
StrongSwan default: "clear"
Type: null or one of "clear", "trap", "restart"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.esp_proposalsESP proposals to offer for the CHILD_SA. A proposal is a set of algorithms. For ESP non-AEAD proposals, this includes an integrity algorithm, an encryption algorithm, an optional Diffie-Hellman group and an optional Extended Sequence Number Mode indicator. For AEAD proposals, a combined mode algorithm is used instead of the separate encryption/integrity algorithms.
If a DH group is specified, CHILD_SA/Quick Mode rekeying and initial negotiation use a separate Diffie-Hellman exchange using the specified group. However, for IKEv2, the keys of the CHILD_SA created implicitly with the IKE_SA will always be derived from the IKE_SA's key material. So any DH group specified here will only apply when the CHILD_SA is later rekeyed or is created with a separate CREATE_CHILD_SA exchange. A proposal mismatch might, therefore, not immediately be noticed when the SA is established, but may later cause rekeying to fail.
Extended Sequence Number support may be indicated with the
esn and noesn values, both may be
included to indicate support for both modes. If omitted,
noesn is assumed.
In IKEv2, multiple algorithms of the same kind can be specified in a single proposal, from which one gets selected. In IKEv1, only one algorithm per kind is allowed per proposal, more algorithms get implicitly stripped. Use multiple proposals to offer different algorithms combinations in IKEv1.
Algorithm keywords get separated using dashes. Multiple proposals may be
specified as a list. The special value default forms
a default proposal of supported algorithms considered safe, and is
usually a good choice for interoperability. If no algorithms are
specified for AH nor ESP, the default set of algorithms for ESP is
included.
StrongSwan default: ["default"]
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hostaccessHostaccess variable to pass to updown script.
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.hw_offloadEnable hardware offload for this CHILD_SA, if supported by the IPsec
implementation. The value yes enforces offloading
and the installation will fail if it's not supported by either kernel or
device. The value auto enables offloading, if it's
supported, but the installation does not fail otherwise.
StrongSwan default: "no"
Type: null or one of "yes", "no", "auto"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_inXFRM interface ID set on inbound policies/SA. This allows installing
duplicate policies/SAs and associates them with an interface with the
same ID. The special value %unique sets a unique
interface ID on each CHILD_SA instance, beyond that the value
%unique-dir assigns a different unique interface ID
for each CHILD_SA direction (in/out).
StrongSwan default: "0"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.if_id_outXFRM interface ID set on outbound policies/SA. This allows installing
duplicate policies/SAs and associates them with an interface with the
same ID. The special value %unique sets a unique
interface ID on each CHILD_SA instance, beyond that the value
%unique-dir assigns a different unique interface ID
for each CHILD_SA direction (in/out).
The daemon will not install routes for CHILD_SAs that have this option set.
StrongSwan default: "0"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.inactivityTimeout before closing CHILD_SA after inactivity. If no traffic has been processed in either direction for the configured timeout, the CHILD_SA gets closed due to inactivity. The default value of 0 disables inactivity checks.
StrongSwan default: "0s"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.interfaceOptional interface name to restrict outbound IPsec policies.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.ipcompEnable IPComp compression before encryption. If enabled, IKE tries to negotiate IPComp compression to compress ESP payload data prior to encryption.
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_bytesMaximum bytes processed before CHILD_SA gets closed. Usually this hard
volume limit is never reached, because the CHILD_SA gets rekeyed
before. If that fails for whatever reason, this limit closes the
CHILD_SA. The default is 10% more than rekey_bytes.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_packetsMaximum number of packets processed before CHILD_SA gets closed. Usually this hard packets limit is never reached, because the CHILD_SA gets rekeyed before. If that fails for whatever reason, this limit closes the CHILD_SA.
The default is 10% more than rekey_bytes.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.life_timeMaximum lifetime before CHILD_SA gets closed. Usually this hard lifetime
is never reached, because the CHILD_SA gets rekeyed before. If that fails
for whatever reason, this limit closes the CHILD_SA. The default is 10%
more than the rekey_time.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.local_tsList of local traffic selectors to include in CHILD_SA. Each selector is
a CIDR subnet definition, followed by an optional proto/port
selector. The special value dynamic may be used
instead of a subnet definition, which gets replaced by the tunnel outer
address or the virtual IP, if negotiated. This is the default.
A protocol/port selector is surrounded by opening and closing square
brackets. Between these brackets, a numeric or getservent(3) protocol
name may be specified. After the optional protocol restriction, an
optional port restriction may be specified, separated by a slash. The
port restriction may be numeric, a getservent(3) service name, or the
special value opaque for RFC 4301 OPAQUE
selectors. Port ranges may be specified as well, none of the kernel
backends currently support port ranges, though.
When IKEv1 is used only the first selector is interpreted, except if the Cisco Unity extension plugin is used. This is due to a limitation of the IKEv1 protocol, which only allows a single pair of selectors per CHILD_SA. So to tunnel traffic matched by several pairs of selectors when using IKEv1 several children (CHILD_SAs) have to be defined that cover the selectors. The IKE daemon uses traffic selector narrowing for IKEv1, the same way it is standardized and implemented for IKEv2. However, this may lead to problems with other implementations. To avoid that, configure identical selectors in such scenarios.
StrongSwan default: ["dynamic"]
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_inNetfilter mark and mask for input traffic. On Linux, Netfilter may
require marks on each packet to match an SA/policy having that option
set. This allows installing duplicate policies and enables Netfilter
rules to select specific SAs/policies for incoming traffic. Note that
inbound marks are only set on policies, by default, unless
mark_in_sa is enabled. The special value
%unique sets a unique mark on each CHILD_SA instance,
beyond that the value %unique-dir assigns a different
unique mark for each
An additional mask may be appended to the mark, separated by
/. The default mask if omitted is
0xffffffff.
StrongSwan default: "0/0x00000000"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_in_saWhether to set mark_in on the inbound SA. By default,
the inbound mark is only set on the inbound policy. The tuple destination
address, protocol and SPI is unique and the mark is not required to find
the correct SA, allowing to mark traffic after decryption instead (where
more specific selectors may be used) to match different policies. Marking
packets before decryption is still possible, even if no mark is set on
the SA.
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.mark_outNetfilter mark and mask for output traffic. On Linux, Netfilter may
require marks on each packet to match a policy/SA having that option
set. This allows installing duplicate policies and enables Netfilter
rules to select specific policies/SAs for outgoing traffic. The special
value %unique sets a unique mark on each CHILD_SA
instance, beyond that the value %unique-dir assigns a
different unique mark for each CHILD_SA direction (in/out).
An additional mask may be appended to the mark, separated by
/. The default mask if omitted is
0xffffffff.
StrongSwan default: "0/0x00000000"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.modeIPsec Mode to establish CHILD_SA with.
tunnel negotiates the CHILD_SA in IPsec Tunnel Mode,
whereas transport uses IPsec Transport Mode.
transport_proxy signifying the special Mobile IPv6
Transport Proxy Mode.
beet is the Bound End to End Tunnel mixture mode,
working with fixed inner addresses without the need to include them in
each packet.
Both transport and beet modes are
subject to mode negotiation; tunnel mode is
negotiated if the preferred mode is not available.
pass and drop are used to install
shunt policies which explicitly bypass the defined traffic from IPsec
processing or drop it, respectively.
StrongSwan default: "tunnel"
Type: null or one of "tunnel", "transport", "transport_proxy", "beet", "pass", "drop"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policiesWhether to install IPsec policies or not. Disabling this can be useful in some scenarios e.g. MIPv6, where policies are not managed by the IKE daemon. Since 5.3.3.
StrongSwan default: true
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.policies_fwd_outWhether to install outbound FWD IPsec policies or not. Enabling this is required in case there is a drop policy that would match and block forwarded traffic for this CHILD_SA. Since 5.5.1.
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.priorityOptional fixed priority for IPsec policies. This could be useful to install high-priority drop policies. The default of 0 uses dynamically calculated priorities based on the size of the traffic selectors.
StrongSwan default: 0
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_bytesByte range from which to choose a random value to subtract from
rekey_bytes. The default is the difference between
life_bytes and rekey_bytes.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_packetsPacket range from which to choose a random value to subtract from
rekey_packets. The default is the difference between
life_packets and rekey_packets.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rand_timeTime range from which to choose a random value to subtract from
rekey_time. The default is the difference between
life_time and rekey_time.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_bytesNumber of bytes processed before initiating CHILD_SA rekeying. CHILD_SA rekeying refreshes key material, optionally using a Diffie-Hellman exchange if a group is specified in the proposal.
To avoid rekey collisions initiated by both ends simultaneously, a value
in the range of rand_bytes gets subtracted to form the
effective soft volume limit.
Volume based CHILD_SA rekeying is disabled by default.
StrongSwan default: 0
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_packetsNumber of packets processed before initiating CHILD_SA rekeying. CHILD_SA rekeying refreshes key material, optionally using a Diffie-Hellman exchange if a group is specified in the proposal.
To avoid rekey collisions initiated by both ends simultaneously, a value
in the range of rand_packets gets subtracted to form
the effective soft packet count limit.
Packet count based CHILD_SA rekeying is disabled by default.
StrongSwan default: 0
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.rekey_timeTime to schedule CHILD_SA rekeying. CHILD_SA rekeying refreshes key
material, optionally using a Diffie-Hellman exchange if a group is
specified in the proposal. To avoid rekey collisions initiated by both
ends simultaneously, a value in the range of rand_time
gets subtracted to form the effective soft lifetime.
By default CHILD_SA rekeying is scheduled every hour, minus
rand_time.
StrongSwan default: "1h"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.remote_tsList of remote selectors to include in CHILD_SA. See
local_ts for a description of the selector syntax.
StrongSwan default: ["dynamic"]
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.replay_windowIPsec replay window to configure for this CHILD_SA. Larger values than
the default of 32 are supported using the Netlink
backend only, a value of 0 disables IPsec replay
protection.
StrongSwan default: 32
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.reqidFixed reqid to use for this CHILD_SA. This might be helpful in some scenarios, but works only if each CHILD_SA configuration is instantiated not more than once. The default of 0 uses dynamic reqids, allocated incrementally.
StrongSwan default: 0
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.set_mark_inNetfilter mark applied to packets after the inbound IPsec SA processed them. This way it's not necessary to mark packets via Netfilter before decryption or right afterwards to match policies or process them differently (e.g. via policy routing).
An additional mask may be appended to the mark, separated by
/. The default mask if omitted is 0xffffffff. The
special value %same uses the value (but not the mask)
from mark_in as mark value, which can be fixed,
%unique or %unique-dir.
Setting marks in XFRM input requires Linux 4.19 or higher.
StrongSwan default: "0/0x00000000"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.set_mark_outNetfilter mark applied to packets after the outbound IPsec SA processed them. This allows processing ESP packets differently than the original traffic (e.g. via policy routing).
An additional mask may be appended to the mark, separated by
/. The default mask if omitted is 0xffffffff. The
special value %same uses the value (but not the mask)
from mark_out as mark value, which can be fixed,
%unique_ or %unique-dir.
Setting marks in XFRM output is supported since Linux 4.14. Setting a mask requires at least Linux 4.19.
StrongSwan default: "0/0x00000000"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.sha256_96HMAC-SHA-256 is used with 128-bit truncation with IPsec. For compatibility with implementations that incorrectly use 96-bit truncation this option may be enabled to configure the shorter truncation length in the kernel. This is not negotiated, so this only works with peers that use the incorrect truncation length (or have this option enabled).
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.start_actionAction to perform after loading the configuration.
The default of none loads the connection only, which
then can be manually initiated or used as a responder configuration.
The value trap installs a trap policy, which triggers
the tunnel as soon as matching traffic has been detected.
The value start initiates the connection actively.
When unloading or replacing a CHILD_SA configuration having a
start_action different from none,
the inverse action is performed. Configurations with
start get closed, while such with
trap get uninstalled.
StrongSwan default: "none"
Type: null or one of "none", "trap", "start"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.tfc_paddingPads ESP packets with additional data to have a consistent ESP packet
size for improved Traffic Flow Confidentiality. The padding defines the
minimum size of all ESP packets sent. The default value of
0 disables TFC padding, the special value
mtu adds TFC padding to create a packet size equal to
the Path Maximum Transfer Unit.
StrongSwan default: 0
Type: null or signed integer or value "mtu" (singular enum)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.children.<name>.updownUpdown script to invoke on CHILD_SA up and down events.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.dpd_delayInterval to check the liveness of a peer actively using IKEv2 INFORMATIONAL exchanges or IKEv1 R_U_THERE messages. Active DPD checking is only enforced if no IKE or ESP/AH packet has been received for the configured DPD delay.
StrongSwan default: "0s"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.dpd_timeoutCharon by default uses the normal retransmission mechanism and timeouts to check the liveness of a peer, as all messages are used for liveness checking. For compatibility reasons, with IKEv1 a custom interval may be specified; this option has no effect on connections using IKEv2.
StrongSwan default: "0s"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.dscpDifferentiated Services Field Codepoint to set on outgoing IKE packets for this connection. The value is a six digit binary encoded string specifying the Codepoint to set, as defined in RFC 2474.
StrongSwan default: "000000"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.encapTo enforce UDP encapsulation of ESP packets, the IKE daemon can fake the NAT detection payloads. This makes the peer believe that NAT takes place on the path, forcing it to encapsulate ESP packets in UDP.
Usually this is not required, but it can help to work around connectivity issues with too restrictive intermediary firewalls.
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.fragmentationUse IKE fragmentation (proprietary IKEv1 extension or RFC 7383 IKEv2
fragmentation). Acceptable values are yes (the default
since 5.5.1), accept (since versions:5.5.3),
force and no.
If set to yes, and the peer
supports it, oversized IKE messages will be sent in fragments.
If set to
accept, support for fragmentation is announced to the peer but the daemon
does not send its own messages in fragments.
If set to force (only
supported for IKEv1) the initial IKE message will already be fragmented if
required.
Finally, setting the option to no will disable announcing
support for this feature.
Note that fragmented IKE messages sent by a peer are always processed irrespective of the value of this option (even when set to no).
StrongSwan default: "yes"
Type: null or one of "yes", "accept", "force", "no"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.if_id_inXFRM interface ID set on inbound policies/SA, can be overridden by child config, see there for details.
StrongSwan default: "0"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.if_id_outXFRM interface ID set on outbound policies/SA, can be overridden by child config, see there for details.
StrongSwan default: "0"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.keyingtriesNumber of retransmission sequences to perform during initial
connect. Instead of giving up initiation after the first retransmission
sequence with the default value of 1, additional
sequences may be started according to the configured value. A value of
0 initiates a new sequence until the connection
establishes or fails with a permanent error.
StrongSwan default: 1
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.localSection for a local authentication round. A local authentication round defines the rules how authentication is performed for the local peer. Multiple rounds may be defined to use IKEv2 RFC 4739 Multiple Authentication or IKEv1 XAuth.
Each round is defined in a section having local as
prefix, and an optional unique suffix. To define a single authentication
round, the suffix may be omitted.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.aaa_idServer side EAP-Identity to expect in the EAP method. Some EAP methods, such as EAP-TLS, use an identity for the server to perform mutual authentication. This identity may differ from the IKE identity, especially when EAP authentication is delegated from the IKE responder to an AAA backend.
For EAP-(T)TLS, this defines the identity for which the server must provide a certificate in the TLS exchange.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.authAuthentication to perform locally.
The default pubkey uses public key authentication
using a private key associated to a usable certificate.
psk uses pre-shared key authentication.
The IKEv1 specific xauth is used for XAuth or Hybrid
authentication,
while the IKEv2 specific eap keyword defines EAP
authentication.
For xauth, a specific backend name may be appended,
separated by a dash. The appropriate xauth backend is
selected to perform the XAuth exchange. For traditional XAuth, the
xauth method is usually defined in the second
authentication round following an initial pubkey (or
psk) round. Using xauth in the
first round performs Hybrid Mode client authentication.
For eap, a specific EAP method name may be appended, separated by a
dash. An EAP module implementing the appropriate method is selected to
perform the EAP conversation.
Since 5.4.0, if both peers support RFC 7427 ("Signature Authentication
in IKEv2") specific hash algorithms to be used during IKEv2
authentication may be configured. To do so use ike:
followed by a trust chain signature scheme constraint (see description
of the remote section's auth
keyword). For example, with ike:pubkey-sha384-sha256
a public key signature scheme with either SHA-384 or SHA-256 would get
used for authentication, in that order and depending on the hash
algorithms supported by the peer. If no specific hash algorithms are
configured, the default is to prefer an algorithm that matches or
exceeds the strength of the signature key. If no constraints with
ike: prefix are configured any signature scheme
constraint (without ike: prefix) will also apply to
IKEv2 authentication, unless this is disabled in
strongswan.conf. To use RSASSA-PSS signatures use
rsa/pss instead of pubkey or
rsa as in e.g.
ike:rsa/pss-sha256. If pubkey or
rsa constraints are configured RSASSA-PSS signatures
will only be used if enabled in strongswan.conf(5).
StrongSwan default: "pubkey"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certSection for a certificate candidate to use for authentication. Certificates in certs are transmitted as binary blobs, these sections offer more flexibility.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.fileAbsolute path to the certificate to load. Passed as-is to the daemon, so it must be readable by it.
Configure either this or handle, but not both, in one section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.handleHex-encoded CKA_ID or handle of the certificate on a token or TPM, respectively.
Configure either this or file, but not both, in one section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.moduleOptional PKCS#11 module name.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.cert.<name>.slotOptional slot number of the token that stores the certificate.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.certsList of certificate candidates to use for
authentication. The certificates may use a relative path from the
swanctl x509 directory or an absolute path.
The certificate used for authentication is selected based on the received certificate request payloads. If no appropriate CA can be located, the first certificate is used.
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.eap_idClient EAP-Identity to use in EAP-Identity exchange and the EAP method.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.idIKE identity to use for authentication round. When using certificate authentication, the IKE identity must be contained in the certificate, either as subject or as subjectAltName.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.pubkeysList of raw public key candidates to use for
authentication. The public keys may use a relative path from the swanctl
pubkey directory or an absolute path.
Even though multiple local public keys could be defined in principle, only the first public key in the list is used for authentication.
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.roundOptional numeric identifier by which authentication rounds are sorted. If not specified rounds are ordered by their position in the config file/vici message.
StrongSwan default: 0
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local.<name>.xauth_idClient XAuth username used in the XAuth exchange.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local_addrsLocal address(es) to use for IKE communication. Takes single IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges.
As initiator, the first non-range/non-subnet is used to initiate the connection from. As responder, the local destination address must match at least to one of the specified addresses, subnets or ranges.
If FQDNs are assigned they are resolved every time a configuration lookup is done. If DNS resolution times out, the lookup is delayed for that time.
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.local_portLocal UDP port for IKE communication. By default the port of the socket
backend is used, which is usually 500. If port
500 is used, automatic IKE port floating to port
4500 is used to work around NAT issues.
Using a non-default local IKE port requires support from the socket backend in use (socket-dynamic).
StrongSwan default: 500
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.mediated_byThe name of the connection to mediate this connection through. If given, the connection will be mediated through the named mediation connection. The mediation connection must have mediation enabled.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.mediationWhether this connection is a mediation connection, that is, whether this connection is used to mediate other connections using the IKEv2 Mediation Extension. Mediation connections create no CHILD_SA.
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.mediation_peerIdentity under which the peer is registered at the mediation server, that is, the IKE identity the other end of this connection uses as its local identity on its connection to the mediation server. This is the identity we request the mediation server to mediate us with. Only relevant on connections that set mediated_by. If it is not given, the remote IKE identity of the first authentication round of this connection will be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.mobikeEnables MOBIKE on IKEv2 connections. MOBIKE is enabled by default on IKEv2 connections, and allows mobility of clients and multi-homing on servers by migrating active IPsec tunnels.
Usually keeping MOBIKE enabled is unproblematic, as it is not used if the peer does not indicate support for it. However, due to the design of MOBIKE, IKEv2 always floats to port 4500 starting from the second exchange. Some implementations don't like this behavior, hence it can be disabled.
StrongSwan default: true
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.over_timeHard IKE_SA lifetime if rekey/reauth does not complete, as time. To avoid having an IKE/ISAKMP kept alive if IKE reauthentication or rekeying fails perpetually, a maximum hard lifetime may be specified. If the IKE_SA fails to rekey or reauthenticate within the specified time, the IKE_SA gets closed.
In contrast to CHILD_SA rekeying, over_time is relative in time to the rekey_time and reauth_time values, as it applies to both.
The default is 10% of the longer of rekey_time and
reauth_time.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.poolsList of named IP pools to allocate virtual IP addresses and other configuration attributes from. Each name references a pool by name from either the pools section or an external pool.
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.ppk_idString identifying the Postquantum Preshared Key (PPK) to be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.ppk_requiredWhether a Postquantum Preshared Key (PPK) is required for this connection.
StrongSwan default: false
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.proposalsA proposal is a set of algorithms. For non-AEAD algorithms, this includes for IKE an encryption algorithm, an integrity algorithm, a pseudo random function and a Diffie-Hellman group. For AEAD algorithms, instead of encryption and integrity algorithms, a combined algorithm is used.
In IKEv2, multiple algorithms of the same kind can be specified in a single proposal, from which one gets selected. In IKEv1, only one algorithm per kind is allowed per proposal, more algorithms get implicitly stripped. Use multiple proposals to offer different algorithms combinations in IKEv1.
Algorithm keywords get separated using dashes. Multiple proposals may be
specified in a list. The special value default forms a
default proposal of supported algorithms considered safe, and is usually a
good choice for interoperability.
StrongSwan default: ["default"]
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.pullIf the default of yes is used, Mode Config works in pull mode, where the initiator actively requests a virtual IP. With no, push mode is used, where the responder pushes down a virtual IP to the initiating peer.
Push mode is currently supported for IKEv1, but not in IKEv2. It is used by a few implementations only, pull mode is recommended.
StrongSwan default: true
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.rand_timeTime range from which to choose a random value to subtract from rekey/reauth times. To avoid having both peers initiating the rekey/reauth procedure simultaneously, a random time gets subtracted from the rekey/reauth times.
The default is equal to the configured over_time.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.reauth_timeTime to schedule IKE reauthentication. IKE reauthentication recreates the IKE/ISAKMP SA from scratch and re-evaluates the credentials. In asymmetric configurations (with EAP or configuration payloads) it might not be possible to actively reauthenticate as responder. The IKEv2 reauthentication lifetime negotiation can instruct the client to perform reauthentication.
Reauthentication is disabled by default. Enabling it usually may lead to small connection interruptions, as strongSwan uses a break-before-make policy with IKEv2 to avoid any conflicts with associated tunnel resources.
StrongSwan default: "0s"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.rekey_timeIKE rekeying refreshes key material using a Diffie-Hellman exchange, but does not re-check associated credentials. It is supported in IKEv2 only, IKEv1 performs a reauthentication procedure instead.
With the default value IKE rekeying is scheduled every 4 hours, minus the configured rand_time. If a reauth_time is configured, rekey_time defaults to zero, disabling rekeying; explicitly set both to enforce rekeying and reauthentication.
StrongSwan default: "4h"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remoteSection for a remote authentication round. A remote authentication round defines the constraints how the peers must authenticate to use this connection. Multiple rounds may be defined to use IKEv2 RFC 4739 Multiple Authentication or IKEv1 XAuth.
Each round is defined in a section having remote as
prefix, and an optional unique suffix. To define a single authentication
round, the suffix may be omitted.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.authAuthentication to expect from remote. See the local
section's auth keyword description about the details of
supported mechanisms.
Since 5.4.0, to require a trustchain public key strength for the remote
side, specify the key type followed by the minimum strength in bits (for
example ecdsa-384 or
rsa-2048-ecdsa-256). To limit the acceptable set of
hashing algorithms for trustchain validation, append hash algorithms to
pubkey or a key strength definition (for example
pubkey-sha256-sha512,
rsa-2048-sha256-sha384-sha512 or
rsa-2048-sha256-ecdsa-256-sha256-sha384).
Unless disabled in strongswan.conf, or explicit IKEv2
signature constraints are configured (refer to the description of the
local section's auth keyword for
details), such key types and hash algorithms are also applied as
constraints against IKEv2 signature authentication schemes used by the
remote side. To require RSASSA-PSS signatures use
rsa/pss instead of pubkey or
rsa as in e.g. rsa/pss-sha256. If
pubkey or rsa constraints are
configured RSASSA-PSS signatures will only be accepted if enabled in
strongswan.conf(5).
To specify trust chain constraints for EAP-(T)TLS, append a colon to the
EAP method, followed by the key type/size and hash algorithm as
discussed above (e.g. eap-tls:ecdsa-384-sha384).
StrongSwan default: "pubkey"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.ca_idIdentity in CA certificate to accept for authentication. The specified
identity must be contained in one (intermediate) CA of the remote peer
trustchain, either as subject or as subjectAltName. This has the same
effect as specifying cacerts to force clients under
a CA to specific connections; it does not require the CA certificate
to be available locally, and can be received from the peer during the
IKE exchange.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacertSection for a CA certificate to accept for authentication. Certificates in cacerts are transmitted as binary blobs, these sections offer more flexibility.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.fileAbsolute path to the certificate to load. Passed as-is to the daemon, so it must be readable by it.
Configure either this or handle, but not both, in one section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.handleHex-encoded CKA_ID or handle of the certificate on a token or TPM, respectively.
Configure either this or file, but not both, in one section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.moduleOptional PKCS#11 module name.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacert.<name>.slotOptional slot number of the token that stores the certificate.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cacertsList of CA certificates to accept for
authentication. The certificates may use a relative path from the
swanctl x509ca directory or an absolute path.
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certSection for a certificate candidate to use for authentication. Certificates in certs are transmitted as binary blobs, these sections offer more flexibility.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.fileAbsolute path to the certificate to load. Passed as-is to the daemon, so it must be readable by it.
Configure either this or handle, but not both, in one section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.handleHex-encoded CKA_ID or handle of the certificate on a token or TPM, respectively.
Configure either this or file, but not both, in one section.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.moduleOptional PKCS#11 module name.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert.<name>.slotOptional slot number of the token that stores the certificate.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.cert_policyList of certificate policy OIDs the peer's certificate must have. OIDs are specified using the numerical dotted representation.
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.certsList of certificates to accept for authentication. The certificates may
use a relative path from the swanctl x509 directory
or an absolute path.
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.eap_idIdentity to use as peer identity during EAP authentication. If set to
%any the EAP-Identity method will be used to ask the
client for an EAP identity.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.groupsAuthorization group memberships to require. The peer must prove membership to at least one of the specified groups. Group membership can be certified by different means, for example by appropriate Attribute Certificates or by an AAA backend involved in the authentication.
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.idIKE identity to expect for authentication round. When using certificate authentication, the IKE identity must be contained in the certificate, either as subject or as subjectAltName.
StrongSwan default: "%any"
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.pubkeysList of raw public keys to accept for
authentication. The public keys may use a relative path from the swanctl
pubkey directory or an absolute path.
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.revocationCertificate revocation policy for CRL or OCSP revocation.
A strict revocation policy fails if no revocation information is
available, i.e. the certificate is not known to be unrevoked.
ifuri fails only if a CRL/OCSP URI is available, but certificate
revocation checking fails, i.e. there should be revocation information
available, but it could not be obtained.
The default revocation policy relaxed fails only if a certificate is
revoked, i.e. it is explicitly known that it is bad.
StrongSwan default: "relaxed"
Type: null or one of "strict", "ifuri", "relaxed"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote.<name>.roundOptional numeric identifier by which authentication rounds are sorted. If not specified rounds are ordered by their position in the config file/vici message.
StrongSwan default: 0
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote_addrsRemote address(es) to use for IKE communication. Takes single IPv4/IPv6 addresses, DNS names, CIDR subnets or IP address ranges.
As initiator, the first non-range/non-subnet is used to initiate the connection to. As responder, the initiator source address must match at least to one of the specified addresses, subnets or ranges.
If FQDNs are assigned they are resolved every time a configuration lookup is done. If DNS resolution times out, the lookup is delayed for that time. To initiate a connection, at least one specific address or DNS name must be specified.
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.remote_portRemote UDP port for IKE communication. If the default of port
500 is used, automatic IKE port floating to port
4500 is used to work around NAT issues.
StrongSwan default: 500
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.send_certSend certificate payloads when using certificate authentication.
With the default of ifasked the daemon sends
certificate payloads only if certificate requests have been received.
never disables sending of certificate payloads
altogether,
always causes certificate payloads to be sent
unconditionally whenever certificate authentication is used.
StrongSwan default: "ifasked"
Type: null or one of "always", "never", "ifasked"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.send_certreqSend certificate request payloads to offer trusted root CA certificates to the peer. Certificate requests help the peer to choose an appropriate certificate/private key for authentication and are enabled by default. Disabling certificate requests can be useful if too many trusted root CA certificates are installed, as each certificate request increases the size of the initial IKE packets.
StrongSwan default: true
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.uniqueConnection uniqueness policy to enforce. To avoid multiple connections from the same user, a uniqueness policy can be enforced.
The value never does never enforce such a policy, even
if a peer included INITIAL_CONTACT notification messages,
whereas no replaces existing connections for the same
identity if a new one has the INITIAL_CONTACT notify.
keep rejects new connection attempts if the same user
already has an active connection,
replace deletes any existing connection if a new one
for the same user gets established.
To compare connections for uniqueness, the remote IKE identity is used. If EAP or XAuth authentication is involved, the EAP-Identity or XAuth username is used to enforce the uniqueness policy instead.
On initiators this setting specifies whether an INITIAL_CONTACT notify is
sent during IKE_AUTH if no existing connection is found with the remote
peer (determined by the identities of the first authentication
round). Unless set to never the client will send a notify.
StrongSwan default: "no"
Type: null or one of "no", "never", "keep", "replace"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.versionIKE major version to use for connection.
1 uses IKEv1 aka ISAKMP,
2 uses IKEv2.
A connection using the default of 0 accepts both IKEv1 and IKEv2 as responder, and initiates the connection actively with IKEv2.
StrongSwan default: 0
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.connections.<name>.vipsList of virtual IPs to request in IKEv2 configuration payloads or IKEv1
Mode Config. The wildcard addresses 0.0.0.0 and
:: request an arbitrary address, specific addresses may
be defined. The responder may return a different address, though, or none
at all.
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.poolsSection defining named pools. Named pools may be referenced by connections with the pools option to assign virtual IPs and other configuration attributes. Each pool must have a unique name (denoted <name> below).
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.addrsSubnet or range defining addresses allocated in pool. Accepts a single CIDR subnet defining the pool to allocate addresses from or an address range (<from>-<to>). Pools must be unique and non-overlapping.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.dhcpAddress or CIDR subnets
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.dnsAddress or CIDR subnets
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.nbnsAddress or CIDR subnets
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.netmaskAddress or CIDR subnets
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.serverAddress or CIDR subnets
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.split_excludeAddress or CIDR subnets
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.split_includeAddress or CIDR subnets
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.pools.<name>.subnetAddress or CIDR subnets
StrongSwan default: []
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.eapEAP secret section for a specific secret. Each EAP secret is defined in a
unique section having the eap prefix. EAP secrets are
used for XAuth authentication as well.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.eap.<name>.idIdentity the EAP/XAuth secret belongs to. Multiple unique identities may
be specified, each having an id prefix, if a secret
is shared between multiple users.
Type: attribute set of (null or string)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.eap.<name>.secretValue of the EAP/XAuth secret. It may either be an ASCII string, a hex encoded string if it has a 0x prefix or a Base64 encoded string if it has a 0s prefix in its value.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ecdsaPrivate key decryption passphrase for a key in the
ecdsa folder.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.fileFile name in the ecdsa folder for which this
passphrase should be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ecdsa.<name>.secretValue of decryption passphrase for ECDSA key.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ikeIKE preshared secret section for a specific secret. Each IKE PSK is
defined in a unique section having the ike prefix.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ike.<name>.idIKE identity the IKE preshared secret belongs to. Multiple unique
identities may be specified, each having an id
prefix, if a secret is shared between multiple peers.
Type: attribute set of (null or string)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ike.<name>.secretValue of the IKE preshared secret. It may either be an ASCII string, a hex encoded string if it has a 0x prefix or a Base64 encoded string if it has a 0s prefix in its value.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ntlmNTLM secret section for a specific secret. Each NTLM secret is defined in
a unique section having the ntlm prefix. NTLM secrets
may only be used for EAP-MSCHAPv2 authentication.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.idIdentity the NTLM secret belongs to. Multiple unique identities may be specified, each having an id prefix, if a secret is shared between multiple users.
Type: attribute set of (null or string)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ntlm.<name>.secretValue of the NTLM secret, which is the NT Hash of the actual secret, that is, MD4(UTF-16LE(secret)). The resulting 16-byte value may either be given as a hex encoded string with a 0x prefix or as a Base64 encoded string with a 0s prefix.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.pkcs12PKCS#12 decryption passphrase for a container in the
pkcs12 folder.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.fileFile name in the pkcs12 folder for which this
passphrase should be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.pkcs12.<name>.secretValue of decryption passphrase for PKCS#12 container.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.pkcs8Private key decryption passphrase for a key in the
pkcs8 folder.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.fileFile name in the pkcs8 folder for which this
passphrase should be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.pkcs8.<name>.secretValue of decryption passphrase for PKCS#8 key.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ppkPostquantum Preshared Key (PPK) section for a specific secret. Each PPK is
defined in a unique section having the ppk prefix.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ppk.<name>.idPPK identity the PPK belongs to. Multiple unique identities may be
specified, each having an id prefix, if a secret is
shared between multiple peers.
Type: attribute set of (null or string)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.ppk.<name>.secretValue of the PPK. It may either be an ASCII string, a hex encoded string
if it has a 0x prefix or a Base64 encoded string if
it has a 0s prefix in its value. Should have at least
256 bits of entropy for 128-bit security.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.privatePrivate key decryption passphrase for a key in the
private folder.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.private.<name>.fileFile name in the private folder for which this passphrase should be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.private.<name>.secretValue of decryption passphrase for private key.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.rsaPrivate key decryption passphrase for a key in the rsa
folder.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.rsa.<name>.fileFile name in the rsa folder for which this passphrase
should be used.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.rsa.<name>.secretValue of decryption passphrase for RSA key.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.tokenDefinition for a private key that's stored on a token/smartcard/TPM.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.token.<name>.handleHex-encoded CKA_ID or handle of the private key on the token or TPM, respectively.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.token.<name>.moduleOptional PKCS#11 module name to access the token.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.token.<name>.pinOptional PIN required to access the key on the token. If none is
provided the user is prompted during an interactive
--load-creds call.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.token.<name>.slotOptional slot number to access the token.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.xauthEAP secret section for a specific secret. Each EAP secret is defined in a
unique section having the eap prefix. EAP secrets are
used for XAuth authentication as well.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.xauth.<name>.idIdentity the EAP/XAuth secret belongs to. Multiple unique identities may
be specified, each having an id prefix, if a secret
is shared between multiple users.
Type: attribute set of (null or string)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.strongswan-swanctl.swanctl.secrets.xauth.<name>.secretValue of the EAP/XAuth secret. It may either be an ASCII string, a hex encoded string if it has a 0x prefix or a Base64 encoded string if it has a 0s prefix in its value.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/strongswan-swanctl/module.nix>
|
services.stubby.enableWhether to enable Stubby DNS resolver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
|
services.stubby.logLevelLog verbosity (syslog keyword or level).
Type: null or one of "alert", "crit", "debug", "emerg", "error", "info", "notice", "warning", 1, 2, 7, 0, 3, 6, 5, 4
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
|
services.stubby.settingsContent of the Stubby configuration file. All Stubby settings may be set or queried
here. The default settings are available at
pkgs.stubby.passthru.settingsExample. See
https://dnsprivacy.org/wiki/display/DP/Configuring+Stubby.
A list of the public recursive servers can be found here:
https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers.
Type: attribute set of (YAML value)
Example:
pkgs.stubby.passthru.settingsExample // {
upstream_recursive_servers = [{
address_data = "158.64.1.29";
tls_auth_name = "kaitain.restena.lu";
tls_pubkey_pinset = [{
digest = "sha256";
value = "7ftvIkA+UeN/ktVkovd/7rPZ6mbkhVI7/8HnFJIiLa4=";
}];
}];
};
Declared by:
<nixpkgs/nixos/modules/services/networking/stubby.nix>
|
services.stunnel.enableWhether to enable the stunnel TLS tunneling service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.enableInsecureSSLv3Enable support for the insecure SSLv3 protocol.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.clientsDefine the client configurations.
By default, verifyChain and OCSPaia are enabled and a CAFile is provided from pkgs.cacert.
See "SERVICE-LEVEL OPTIONS" in stunnel(8).
Type: attribute set of attribute set of (null or boolean or signed integer or string)
Default: { }
Example:
{
foobar = {
accept = "0.0.0.0:8080";
connect = "nixos.org:443";
verifyChain = false;
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.fipsModeEnable FIPS 140-2 mode required for compliance.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.groupThe group under which stunnel runs.
Type: null or string
Default: "nogroup"
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.logLevelVerbosity of stunnel output.
Type: one of "emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.serversDefine the server configurations.
See "SERVICE-LEVEL OPTIONS" in stunnel(8).
Type: attribute set of attribute set of (null or boolean or signed integer or string)
Default: { }
Example:
{
fancyWebserver = {
accept = 443;
cert = "/path/to/pem/file";
connect = 8080;
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.stunnel.userThe user under which stunnel runs.
Type: null or string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/networking/stunnel.nix>
|
services.subsonic.enableWhether to enable Subsonic daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.contextPathThe context path, i.e., the last part of the Subsonic URL. Typically '/' or '/subsonic'. Default '/'
Type: path
Default: "/"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.defaultMusicFolderConfigure Subsonic to use this folder for music. This option only has effect the first time Subsonic is started.
Type: path
Default: "/var/music"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.defaultPlaylistFolderConfigure Subsonic to use this folder for playlists. This option only has effect the first time Subsonic is started.
Type: path
Default: "/var/playlists"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.defaultPodcastFolderConfigure Subsonic to use this folder for Podcasts. This option only has effect the first time Subsonic is started.
Type: path
Default: "/var/music/Podcast"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.homeThe directory where Subsonic will create files. Make sure it is writable.
Type: path
Default: "/var/lib/subsonic"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.httpsPortThe port on which Subsonic will listen for incoming HTTPS traffic. Set to 0 to disable.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.listenAddressThe host name or IP address on which to bind Subsonic. Only relevant if you have multiple network interfaces and want to make Subsonic available on only one of them. The default value will bind Subsonic to all available network interfaces.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.maxMemoryThe memory limit (max Java heap size) in megabytes. Default: 100
Type: signed integer
Default: 100
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.portThe port on which Subsonic will listen for incoming HTTP traffic. Set to 0 to disable.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 4040
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.subsonic.transcodersList of paths to transcoder executables that should be accessible from Subsonic. Symlinks will be created to each executable inside ${config.services.subsonic.home}/transcoders.
Type: list of path
Default: [ "${pkgs.ffmpeg.bin}/bin/ffmpeg" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/subsonic.nix>
|
services.sundtek.enableWhether to enable Sundtek driver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sundtek.nix>
|
services.supergfxd.enableWhether to enable Enable the supergfxd service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/supergfxd.nix>
|
services.supergfxd.settingsThe content of /etc/supergfxd.conf. See https://gitlab.com/asus-linux/supergfxctl/#config-options-etcsupergfxdconf.
Type: null or JSON value
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/supergfxd.nix>
|
services.supybot.enableEnable Supybot, an IRC bot (also known as Limnoria).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/supybot.nix>
|
services.supybot.configFilePath to initial supybot config file. This can be generated by running supybot-wizard.
Note: all paths should include the full path to the stateDir directory (backup conf data logs logs/plugins plugins tmp web).
Type: path
Declared by:
<nixpkgs/nixos/modules/services/networking/supybot.nix>
|
services.supybot.extraPackagesExtra Python packages available to supybot plugins. The
value must be a function which receives the attrset defined
in python3Packages as the sole argument.
Type: function that evaluates to a(n) list of package
Default: p: []
Example: p: [ p.lxml p.requests ]
Declared by:
<nixpkgs/nixos/modules/services/networking/supybot.nix>
|
services.supybot.pluginsAttribute set of additional plugins that will be symlinked to the
plugin subdirectory.
Please note that you still need to add the plugins to the config
file (or with !load) using their attribute name.
Type: attribute set of path
Default: { }
Example:
let
plugins = pkgs.fetchzip {
url = "https://github.com/ProgVal/Supybot-plugins/archive/57c2450c.zip";
sha256 = "077snf84ibnva3sbpzdfpfma6hcdw7dflwnhg6pw7mgnf0nd84qd";
};
in
{
Wikipedia = "${plugins}/Wikipedia";
Decide = ./supy-decide;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/supybot.nix>
|
services.supybot.stateDirThe root directory, logs and plugins are stored here
Type: path
Default: /var/lib/supybot
Declared by:
<nixpkgs/nixos/modules/services/networking/supybot.nix>
|
services.surrealdb.enableWhether to enable A scalable, distributed, collaborative, document-graph database, for the realtime web .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/surrealdb.nix>
|
services.surrealdb.packageWhich surrealdb derivation to use.
Type: package
Default: pkgs.surrealdb
Declared by:
<nixpkgs/nixos/modules/services/databases/surrealdb.nix>
|
services.surrealdb.dbPathThe path that surrealdb will write data to. Use null for in-memory. Can be one of "memory", "file://:path", "tikv://:addr".
Type: string
Default: "file:///var/lib/surrealdb/"
Example: "memory"
Declared by:
<nixpkgs/nixos/modules/services/databases/surrealdb.nix>
|
services.surrealdb.hostThe host that surrealdb will connect to.
Type: string
Default: "127.0.0.1"
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/databases/surrealdb.nix>
|
services.surrealdb.passwordPathPath to read the password from.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/databases/surrealdb.nix>
|
services.surrealdb.portThe port that surrealdb will connect to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8000
Example: 8000
Declared by:
<nixpkgs/nixos/modules/services/databases/surrealdb.nix>
|
services.surrealdb.userNamePathPath to read the username from.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/databases/surrealdb.nix>
|
services.svnserve.enableWhether to enable svnserve to serve Subversion repositories through the SVN protocol.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/svnserve.nix>
|
services.svnserve.svnBaseDirBase directory from which Subversion repositories are accessed.
Type: string
Default: "/repos"
Declared by:
<nixpkgs/nixos/modules/services/misc/svnserve.nix>
|
services.switcherooControl.enableWhether to enable switcheroo-control, a D-Bus service to check the availability of dual-GPU.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/hardware/video/switcheroo-control.nix>
|
services.sympa.enableWhether to enable Sympa mailing list manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.database.createLocallyWhether to create a local database automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.database.hostDatabase host address.
For MySQL, use localhost to connect using Unix domain socket.
For PostgreSQL, use path to directory (e.g. /run/postgresql)
to connect using Unix domain socket located in this directory.
Use null to fall back on Sympa default, or when using
services.sympa.database.createLocally.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.database.nameDatabase name. When using SQLite this must be an absolute path to the database file.
Type: string
Default: if database.type == "SQLite" then "/var/lib/sympa/sympa.sqlite" else "sympa"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.database.passwordFileA file containing the password for services.sympa.database.user.
Type: null or path
Default: null
Example: "/run/keys/sympa-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.database.portDatabase port. Use null for default port.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.database.typeDatabase engine to use.
Type: one of "SQLite", "PostgreSQL", "MySQL"
Default: "SQLite"
Example: "MySQL"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.database.userDatabase user. The system user name is used as a default.
Type: null or string
Default: "sympa"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.domainsEmail domains handled by this instance. There have to be MX records for keys of this attribute set.
Type: attribute set of (submodule)
Example:
{
"lists.example.org" = {
webHost = "lists.example.org";
webLocation = "/";
};
"sympa.example.com" = {
webHost = "example.com";
webLocation = "/sympa";
};
}
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.domains.<name>.settingsThe robot.conf configuration file as key value set.
See https://sympa-community.github.io/gpldoc/man/sympa.conf.5.html
for list of configuration parameters.
Type: attribute set of (string or signed integer or boolean)
Default: { }
Example:
{
default_max_list_members = 3;
}Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.domains.<name>.webHostDomain part of the web interface URL (no web interface for this domain if null).
DNS record of type A (or AAAA or CNAME) has to exist with this value.
Type: null or string
Default: null
Example: "archive.example.org"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.domains.<name>.webLocationURL path part of the web interface.
Type: string
Default: "/"
Example: "/sympa"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.langDefault Sympa language. See https://github.com/sympa-community/sympa/tree/sympa-6.2/po/sympa for available options.
Type: string
Default: "en_US"
Example: "cs"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.listMastersThe list of the email addresses of the listmasters (users authorized to perform global server commands).
Type: list of string
Example:
[ "postmaster@sympa.example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.mainDomainMain domain to be used in sympa.conf.
If null, one of the services.sympa.domains is chosen for you.
Type: null or string
Default: null
Example: "lists.example.org"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.mta.typeMail transfer agent (MTA) integration. Use none if you want to configure it yourself.
The postfix integration sets up local Postfix instance that will pass incoming
messages from configured domains to Sympa. You still need to configure at least outgoing message
handling using e.g. services.postfix.relayHost.
Type: one of "postfix", "none"
Default: "postfix"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.settingsThe sympa.conf configuration file as key value set.
See https://sympa-community.github.io/gpldoc/man/sympa.conf.5.html
for list of configuration parameters.
Type: attribute set of (string or signed integer or boolean)
Default: { }
Example:
{
default_home = "lists";
viewlogs_page_size = 50;
}
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.settingsFileSet of files to be linked in /var/lib/sympa.
Type: attribute set of (submodule)
Default: { }
Example:
{
"list_data/lists.example.org/help" = {
text = "subject This list provides help to users";
};
}
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.settingsFile.<name>.enableWhether this file should be generated. This option allows specific files to be disabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.settingsFile.<name>.sourcePath of the source file.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.settingsFile.<name>.textText of the file.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.web.enableWhether to enable Sympa web interface.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.web.fcgiProcsNumber of FastCGI processes to fork.
Type: positive integer, meaning >0
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.web.httpsWhether to use HTTPS. When nginx integration is enabled, this option forces SSL and enables ACME. Please note that Sympa web interface always uses https links even when this option is disabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.sympa.web.serverThe webserver used for the Sympa web interface. Set it to none if you want to configure it yourself.
Further nginx configuration can be done by adapting
services.nginx.virtualHosts.«name».
Type: one of "nginx", "none"
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/mail/sympa.nix>
|
services.syncoid.enableWhether to enable Syncoid ZFS synchronization service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.commandsSyncoid commands to run.
Type: attribute set of (submodule)
Default: { }
Example:
{
"pool/test".target = "root@target:pool/test";
}
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.commands.<name>.extraArgsExtra syncoid arguments for this command.
Type: list of string
Default: [ ]
Example:
[ "--sshport 2222" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.commands.<name>.localSourceAllowPermissions granted for the services.syncoid.user user
for local source datasets. See
https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html
for available permissions.
Defaults to services.syncoid.localSourceAllow option.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.commands.<name>.localTargetAllowPermissions granted for the services.syncoid.user user
for local target datasets. See
https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html
for available permissions.
Make sure to include the change-key permission if you send raw encrypted datasets,
the compression permission if you send raw compressed datasets, and so on.
For remote target datasets you'll have to set your remote user permissions by yourself.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.commands.<name>.recursiveWhether to enable the transfer of child datasets.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.commands.<name>.recvOptionsAdvanced options to pass to zfs recv. Options are specified without their leading dashes and separated by spaces.
Type: strings concatenated with " "
Default: ""
Example: "ux recordsize o compression=lz4"
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.commands.<name>.sendOptionsAdvanced options to pass to zfs send. Options are specified without their leading dashes and separated by spaces.
Type: strings concatenated with " "
Default: ""
Example: "Lc e"
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.commands.<name>.serviceSystemd configuration specific to this syncoid service.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.commands.<name>.sourceSource ZFS dataset. Can be either local or remote. Defaults to the attribute name.
Type: string
Example: "pool/dataset"
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.commands.<name>.sshKeySSH private key file to use to login to the remote system.
Defaults to services.syncoid.sshKey option.
Type: null or path
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.commands.<name>.targetTarget ZFS dataset. Can be either local («pool/dataset») or remote («user@server:pool/dataset»).
Type: string
Example: "user@server:pool/dataset"
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.commands.<name>.useCommonArgsWhether to add the configured common arguments to this command.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.commonArgsArguments to add to every syncoid command, unless disabled for that command. See https://github.com/jimsalterjrs/sanoid/#syncoid-command-line-options for available options.
Type: list of string
Default: [ ]
Example:
[ "--no-sync-snap" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.groupThe group for the service.
Type: string
Default: "syncoid"
Example: "backup"
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.intervalRun syncoid at this interval. The default is to run hourly.
The format is described in systemd.time(7).
Type: string
Default: "hourly"
Example: "*-*-* *:15:00"
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.localSourceAllowPermissions granted for the services.syncoid.user user
for local source datasets. See
https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html
for available permissions.
Type: list of string
Default:
[ "bookmark" "hold" "send" "snapshot" "destroy" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.localTargetAllowPermissions granted for the services.syncoid.user user
for local target datasets. See
https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html
for available permissions.
Make sure to include the change-key permission if you send raw encrypted datasets,
the compression permission if you send raw compressed datasets, and so on.
For remote target datasets you'll have to set your remote user permissions by yourself.
Type: list of string
Default:
[ "change-key" "compression" "create" "mount" "mountpoint" "receive" "rollback" ]
Example:
[ "create" "mount" "receive" "rollback" ]
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.serviceSystemd configuration common to all syncoid services.
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.sshKeySSH private key file to use to login to the remote system. Can be overridden in individual commands.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncoid.userThe user for the service. ZFS privilege delegation will be automatically configured for any local pools used by syncoid if this option is set to a user other than root. The user will be given the "hold" and "send" privileges on any pool that has datasets being sent and the "create", "mount", "receive", and "rollback" privileges on any pool that has datasets being received.
Type: string
Default: "syncoid"
Example: "backup"
Declared by:
<nixpkgs/nixos/modules/services/backup/syncoid.nix>
|
services.syncplay.enableIf enabled, start the Syncplay server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/syncplay.nix>
|
services.syncplay.certDirTLS certificates directory to use for encryption. See https://github.com/Syncplay/syncplay/wiki/TLS-support.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/syncplay.nix>
|
services.syncplay.groupGroup to use when running Syncplay.
Type: string
Default: "nogroup"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncplay.nix>
|
services.syncplay.passwordFilePath to the file that contains the server password. If
null, the server doesn't require a password.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/syncplay.nix>
|
services.syncplay.portTCP port to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8999
Declared by:
<nixpkgs/nixos/modules/services/networking/syncplay.nix>
|
services.syncplay.saltSalt to allow room operator passwords generated by this server instance to still work when the server is restarted.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/syncplay.nix>
|
services.syncplay.userUser to use when running Syncplay.
Type: string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncplay.nix>
|
services.syncthing.enableWhether to enable Syncthing, a self-hosted open-source alternative to Dropbox and Bittorrent Sync.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.packageThe Syncthing package to use.
Type: package
Default: pkgs.syncthing
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.all_proxyOverwrites the all_proxy environment variable for the Syncthing process to the given value. This is normally used to let Syncthing connect through a SOCKS5 proxy server. See https://docs.syncthing.net/users/proxying.html.
Type: null or string
Default: null
Example: "socks5://address.com:1234"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.certPath to the cert.pem file, which will be copied into Syncthing's
configDir.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.configDirThe path where the settings and keys will exist.
Type: path
Default:
if stateVersion >= 19.03:
config.services.syncthing.dataDir + "/.config/syncthing"
otherwise:
config.services.syncthing.dataDir
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.dataDirThe path where synchronised directories will exist.
Type: path
Default: "/var/lib/syncthing"
Example: "/home/yourUser"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.devicesPeers/devices which Syncthing should communicate with.
Note that you can still add devices manually, but those changes will be reverted on restart if overrideDevices is enabled.
Type: attribute set of (submodule)
Default: { }
Example:
{
bigbox = {
addresses = [
"tcp://192.168.0.10:51820"
];
id = "7CFNTQM-IMTJBHJ-3UWRDIU-ZGQJFR6-VCXZ3NB-XUH3KZO-N52ITXR-LAIYUAU";
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.devices.<name>.addressesThe addresses used to connect to the device. If this is left empty, dynamic configuration is attempted.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.devices.<name>.autoAcceptFoldersAutomatically create or share folders that this device advertises at the default path. See https://docs.syncthing.net/users/config.html?highlight=autoaccept#config-file-format.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.devices.<name>.idThe device ID. See https://docs.syncthing.net/dev/device-ids.html.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.devices.<name>.introducerWhether the device should act as an introducer and be allowed to add folders on this computer. See https://docs.syncthing.net/users/introducer.html.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.devices.<name>.nameThe name of the device.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.extraFlagsExtra flags passed to the syncthing command in the service definition.
Type: list of string
Default: [ ]
Example:
[ "--reset-deltas" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.extraOptionsExtra configuration options for Syncthing. See https://docs.syncthing.net/users/config.html.
Type: JSON value
Default: { }
Example:
{
gui = {
theme = "black";
};
options = {
localAnnounceEnabled = false;
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.foldersFolders which should be shared by Syncthing.
Note that you can still add folders manually, but those changes will be reverted on restart if overrideFolders is enabled.
Type: attribute set of (submodule)
Default: { }
Example:
{
"/home/user/sync" = {
id = "syncme";
devices = [ "bigbox" ];
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.folders.<name>.enableWhether to share this folder. This option is useful when you want to define all folders in one place, but not every machine should share all folders.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.folders.<name>.devicesThe devices this folder should be shared with. Each device must be defined in the devices option.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.folders.<name>.idThe ID of the folder. Must be the same on all devices.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.folders.<name>.ignoreDeleteWhether to skip deleting files that are deleted by peers. See https://docs.syncthing.net/advanced/folder-ignoredelete.html.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.folders.<name>.ignorePermsWhether to ignore permission changes.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.folders.<name>.labelThe label of the folder.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.folders.<name>.pathThe path to the folder which should be shared.
Only absolute paths (starting with /) and paths relative to
the user's home directory
(starting with ~/) are allowed.
Type: string starting with / or ~/
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.folders.<name>.rescanIntervalHow often the folder should be rescanned for changes.
Type: signed integer
Default: 3600
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.folders.<name>.typeWhether to only send changes for this folder, only receive them
or both. receiveencrypted can be used for untrusted devices. See
https://docs.syncthing.net/users/untrusted.html for reference.
Type: one of "sendreceive", "sendonly", "receiveonly", "receiveencrypted"
Default: "sendreceive"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.folders.<name>.versioningHow to keep changed/deleted files with Syncthing. There are 4 different types of versioning with different parameters. See https://docs.syncthing.net/users/versioning.html.
Type: null or (submodule)
Default: null
Example:
[
{
versioning = {
type = "simple";
params.keep = "10";
};
}
{
versioning = {
type = "trashcan";
params.cleanoutDays = "1000";
};
}
{
versioning = {
type = "staggered";
fsPath = "/syncthing/backup";
params = {
cleanInterval = "3600";
maxAge = "31536000";
};
};
}
{
versioning = {
type = "external";
params.versionsPath = pkgs.writers.writeBash "backup" ''
folderpath="$1"
filepath="$2"
rm -rf "$folderpath/$filepath"
'';
};
}
]
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.folders.<name>.versioning.fsPathPath to the versioning folder. See https://docs.syncthing.net/users/versioning.html.
Type: string or path
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.folders.<name>.versioning.paramsThe parameters for versioning. Structure depends on versioning.type. See https://docs.syncthing.net/users/versioning.html.
Type: attribute set of (string or path)
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.folders.<name>.versioning.typeThe type of versioning. See https://docs.syncthing.net/users/versioning.html.
Type: one of "external", "simple", "staggered", "trashcan"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.folders.<name>.watchWhether the folder should be watched for changes by inotify.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.folders.<name>.watchDelayThe delay after an inotify event is triggered.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.groupThe group to run Syncthing under.
By default, a group named syncthing will be created.
Type: string
Default: "syncthing"
Example: "yourGroup"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.guiAddressThe address to serve the web interface at.
Type: string
Default: "127.0.0.1:8384"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.keyPath to the key.pem file, which will be copied into Syncthing's
configDir.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.openDefaultPortsWhether to open the default ports in the firewall: TCP/UDP 22000 for transfers and UDP 21027 for discovery.
If multiple users are running Syncthing on this machine, you will need to manually open a set of ports for each instance and leave this disabled. Alternatively, if you are running only a single instance on this machine using the default ports, enable this.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.overrideDevicesWhether to delete the devices which are not configured via the
devices option.
If set to false, devices added via the web
interface will persist and will have to be deleted manually.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.overrideFoldersWhether to delete the folders which are not configured via the
folders option.
If set to false, folders added via the web
interface will persist and will have to be deleted manually.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.relay.enableWhether to enable Syncthing relay service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
|
services.syncthing.relay.extraOptionsExtra command line arguments to pass to strelaysrv.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
|
services.syncthing.relay.globalRateBpsGlobal bandwidth rate limit in bytes per second.
Type: null or positive integer, meaning >0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
|
services.syncthing.relay.listenAddressAddress to listen on for relay traffic.
Type: string
Default: ""
Example: "1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
|
services.syncthing.relay.perSessionRateBpsPer session bandwidth rate limit in bytes per second.
Type: null or positive integer, meaning >0
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
|
services.syncthing.relay.poolsRelay pools to join. If null, uses the default global pool.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
|
services.syncthing.relay.portPort to listen on for relay traffic. This port should be added to
networking.firewall.allowedTCPPorts.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 22067
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
|
services.syncthing.relay.providedByHuman-readable description of the provider of the relay (you).
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
|
services.syncthing.relay.statusListenAddressAddress to listen on for serving the relay status API.
Type: string
Default: ""
Example: "1.2.3.4"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
|
services.syncthing.relay.statusPortPort to listen on for serving the relay status API. This port should be
added to networking.firewall.allowedTCPPorts.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 22070
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing-relay.nix>
|
services.syncthing.systemServiceWhether to auto-launch Syncthing as a system service.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.syncthing.userThe user to run Syncthing as.
By default, a user named syncthing will be created whose home
directory is dataDir.
Type: string
Default: "syncthing"
Example: "yourUser"
Declared by:
<nixpkgs/nixos/modules/services/networking/syncthing.nix>
|
services.synergy.client.enableWhether to enable the Synergy client (receive keyboard and mouse events from a Synergy server).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.client.autoStartWhether the Synergy client should be started automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.client.screenNameUse the given name instead of the hostname to identify ourselves to the server.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.client.serverAddressThe server address is of the form: [hostname][:port]. The hostname must be the address or hostname of the server. The port overrides the default port, 24800.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.server.enableWhether to enable the Synergy server (send keyboard and mouse events).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.server.addressAddress on which to listen for clients.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.server.autoStartWhether the Synergy server should be started automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.server.configFileThe Synergy server configuration file.
Type: path
Default: "/etc/synergy-server.conf"
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.server.screenNameUse the given name instead of the hostname to identify this screen in the configuration.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.server.tls.enableWhether TLS encryption should be used.
Using this requires a TLS certificate that can be generated by starting the Synergy GUI once and entering a valid product key.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.synergy.server.tls.certThe TLS certificate to use for encryption.
Type: null or string
Default: null
Example: "~/.synergy/SSL/Synergy.pem"
Declared by:
<nixpkgs/nixos/modules/services/misc/synergy.nix>
|
services.syslog-ng.enableWhether to enable the syslog-ng daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
|
services.syslog-ng.packageThe package providing syslog-ng binaries.
Type: package
Default: pkgs.syslogng
Declared by:
<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
|
services.syslog-ng.configHeaderThe very first lines of the configuration file. Should usually contain the syslog-ng version header.
Type: strings concatenated with "\n"
Default:
'' @version: 3.6 @include "scl.conf" ''
Declared by:
<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
|
services.syslog-ng.extraConfigConfiguration added to the end of syslog-ng.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
|
services.syslog-ng.extraModulePathsA list of paths that should be included in syslog-ng's
--module-path option. They should usually
end in /lib/syslog-ng
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/logging/syslog-ng.nix>
|
services.syslogd.enableWhether to enable syslogd. Note that systemd also logs syslog messages, so you normally don't need to run syslogd.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.syslogd.enableNetworkInputAccept logging through UDP. Option -r of syslogd(8).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.syslogd.defaultConfigThe default syslog.conf file configures a
fairly standard setup of log files, which can be extended by
means of extraConfig.
Type: strings concatenated with "\n"
Default:
'' # Send emergency messages to all users. *.emerg * # "local1" is used for dhcpd messages. local1.* -/var/log/dhcpd mail.* -/var/log/mail *.=warning;*.=err -/var/log/warn *.crit /var/log/warn *.*;mail.none;local1.none -/var/log/messages ''
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.syslogd.extraConfigAdditional text appended to syslog.conf,
i.e. the contents of defaultConfig.
Type: strings concatenated with "\n"
Default: ""
Example: "news.* -/var/log/news"
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.syslogd.extraParamsAdditional parameters passed to syslogd.
Type: list of string
Default: [ ]
Example:
[ "-m 0" ]
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.syslogd.ttyThe tty device on which syslogd will print important log messages. Leave this option blank to disable tty logging.
Type: string
Default: "tty10"
Declared by:
<nixpkgs/nixos/modules/services/logging/syslogd.nix>
|
services.sysprof.enableWhether to enable sysprof profiling daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/sysprof.nix>
|
services.sysstat.enableWhether to enable sar system activity collection.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/sysstat.nix>
|
services.sysstat.collect-argsArguments to pass sa1 when collecting statistics
Type: string
Default: "1 1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/sysstat.nix>
|
services.sysstat.collect-frequencyOnCalendar specification for sysstat-collect
Type: string
Default: "*:00/10"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/sysstat.nix>
|
services.system-config-printer.enableWhether to enable system-config-printer, a service for CUPS administration used by printing interfaces.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/system-config-printer.nix>
|
services.systembus-notify.enableWhether to enable System bus notification support
WARNING: enabling this option (while convenient) should not be done on a machine where you do not trust the other users as it allows any other local user to DoS your session by spamming notifications. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/system/systembus-notify.nix>
|
services.tahoe.introducersThe Tahoe introducers.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.introducers.<name>.packageThe package to use for the Tahoe LAFS daemon.
Type: package
Default: pkgs.tahoelafs
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.introducers.<name>.nicknameThe nickname of this Tahoe introducer.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.introducers.<name>.tub.locationThe external location that the introducer should listen on.
If specified, the port should be included.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.introducers.<name>.tub.portThe port on which the introducer will listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3458
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodesThe Tahoe nodes.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.packageThe package to use for the Tahoe LAFS daemon.
Type: package
Default: pkgs.tahoelafs
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.client.helperThe furl for a Tahoe helper node.
Like all furls, keep this safe and don't share it.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.client.introducerThe furl for a Tahoe introducer node.
Like all furls, keep this safe and don't share it.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.client.shares.happyThe number of distinct storage nodes required to store a file.
Type: signed integer
Default: 7
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.client.shares.neededThe number of shares required to reconstitute a file.
Type: signed integer
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.client.shares.totalThe number of shares required to store a file.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.helper.enableWhether to enable helper service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.nicknameThe nickname of this Tahoe node.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.sftpd.enableWhether to enable SFTP service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.sftpd.accounts.filePath to the accounts file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.sftpd.accounts.urlURL of the accounts server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.sftpd.hostPrivateKeyFilePath to the SSH host private key.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.sftpd.hostPublicKeyFilePath to the SSH host public key.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.sftpd.portThe port on which the SFTP server will listen.
This is the correct setting to tweak if you want Tahoe's SFTP daemon to listen on a different port.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.storage.enableWhether to enable storage service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.storage.reservedSpaceThe amount of filesystem space to not use for storage.
Type: string
Default: "1G"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.tub.locationThe external location that the node should listen on.
This is the setting to tweak if there are multiple interfaces and you want to alter which interface Tahoe is advertising.
If specified, the port should be included.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.tub.portThe port on which the tub will listen.
This is the correct setting to tweak if you want Tahoe's storage system to listen on a different port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3457
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tahoe.nodes.<name>.web.portThe port on which the Web server will listen.
This is the correct setting to tweak if you want Tahoe's WUI to listen on a different port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3456
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/tahoe.nix>
|
services.tailscale.enableWhether to enable Tailscale client daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/tailscale.nix>
|
services.tailscale.packageThe package to use for tailscale
Type: package
Default: pkgs.tailscale
Declared by:
<nixpkgs/nixos/modules/services/networking/tailscale.nix>
|
services.tailscale.interfaceNameThe interface name for tunnel traffic. Use "userspace-networking" (beta) to not use TUN.
Type: string
Default: "tailscale0"
Declared by:
<nixpkgs/nixos/modules/services/networking/tailscale.nix>
|
services.tailscale.permitCertUidUsername or user ID of the user allowed to to fetch Tailscale TLS certificates for the node.
Type: null or non-empty string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tailscale.nix>
|
services.tailscale.portThe port to listen on for tunnel traffic (0=autoselect).
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 41641
Declared by:
<nixpkgs/nixos/modules/services/networking/tailscale.nix>
|
services.tailscale.useRoutingFeaturesEnables settings required for Tailscale's routing features like subnet routers and exit nodes.
To use these these features, you will still need to call sudo tailscale up with the relevant flags like --advertise-exit-node and --exit-node.
When set to client or both, reverse path filtering will be set to loose instead of strict.
When set to server or both, IP forwarding will be enabled.
Type: one of "none", "client", "server", "both"
Default: "none"
Example: "server"
Declared by:
<nixpkgs/nixos/modules/services/networking/tailscale.nix>
|
services.tandoor-recipes.enableEnable Tandoor Recipes.
When started, the Tandoor Recipes database is automatically created if it doesn't exist and updated if the package has changed. Both tasks are achieved by running a Django migration.
A script to manage the instance (by wrapping Django's manage.py) is linked to
/var/lib/tandoor-recipes/tandoor-recipes-manage.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/tandoor-recipes.nix>
|
services.tandoor-recipes.packageThe Tandoor Recipes package to use.
Type: package
Default: pkgs.tandoor-recipes
Declared by:
<nixpkgs/nixos/modules/services/misc/tandoor-recipes.nix>
|
services.tandoor-recipes.addressWeb interface address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/tandoor-recipes.nix>
|
services.tandoor-recipes.extraConfigExtra tandoor recipes config options.
See the example dot-env file for available options.
Type: attribute set
Default: { }
Example:
{
ENABLE_SIGNUP = "1";
}Declared by:
<nixpkgs/nixos/modules/services/misc/tandoor-recipes.nix>
|
services.tandoor-recipes.portWeb interface port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/misc/tandoor-recipes.nix>
|
services.target.enableWhether to enable the kernel's LIO iscsi target.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/target.nix>
|
services.target.configContent of /etc/target/saveconfig.json This file is normally read and written by targetcli
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/iscsi/target.nix>
|
services.tarsnap.enableWhether to enable periodic tarsnap backups.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archivesTarsnap archive configurations. Each attribute names an archive
to be created at a given time interval, according to the options
associated with it. When uploading to the tarsnap server,
archive names are suffixed by a 1 second resolution timestamp,
with the format %Y%m%d%H%M%S.
For each member of the set is created a timer which triggers the
instanced tarsnap-archive-name service unit. You may use
systemctl start tarsnap-archive-name to
manually trigger creation of archive-name at
any time.
Type: attribute set of (submodule)
Default: { }
Example:
{
nixos =
{ directories = [ "/home" "/root/ssl" ];
};
gamedata =
{ directories = [ "/var/lib/minecraft" ];
period = "*:30";
};
}
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.aggressiveNetworkingUpload data over multiple TCP connections, potentially increasing tarsnap's bandwidth utilisation at the cost of slowing down all other network traffic. Not recommended unless TCP congestion is the dominant limiting factor.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.cachedirThe cache allows tarsnap to identify previously stored data blocks, reducing archival time and bandwidth usage.
Should the cache become desynchronized or corrupted, tarsnap will refuse to run until you manually rebuild the cache with tarsnap --fsck.
Set to null to disable caching.
Type: null or path
Default:
"/var/cache/tarsnap/${utils.escapeSystemdPath config.services.tarsnap.archives.<name>.keyfile}"
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.checkpointBytesCreate a checkpoint every checkpointBytes
of uploaded data (optionally specified using an SI prefix).
1GB is the minimum value. A higher value is recommended, as checkpointing is expensive.
Set to null to disable checkpointing.
Type: null or string
Default: "1GB"
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.directoriesList of filesystem paths to archive.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.excludesExclude files and directories matching these patterns.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.explicitSymlinksWhether to follow symlinks specified as archives.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.followSymlinksWhether to follow all symlinks in archive trees.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.includesInclude only files and directories matching these patterns (the empty list includes everything).
Exclusions have precedence over inclusions.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.keyfileSet a specific keyfile for this archive. This defaults to
"/root/tarsnap.key" if left unspecified.
Use this option if you want to run multiple backups
concurrently - each archive must have a unique key. You can
generate a write-only key derived from your master key (which
is recommended) using tarsnap-keymgmt(1).
Note: every archive must have an individual master key. You
must generate multiple keys with
tarsnap-keygen(1), and then generate write
only keys from those.
The keyfile name should be given as a string and not a path, to avoid the key being copied into the Nix store.
Type: string
Default: config.services.tarsnap.keyfile
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.lowmemReduce memory consumption by not caching small files. Possibly beneficial if the average file size is smaller than 1 MB and the number of files is lower than the total amount of RAM in KB.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.maxbwAbort archival if upstream bandwidth usage in bytes exceeds this threshold.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.maxbwRateDownDownload bandwidth rate limit in bytes.
Type: null or signed integer
Default: null
Example: 50 * 1000
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.maxbwRateUpUpload bandwidth rate limit in bytes.
Type: null or signed integer
Default: null
Example: 25 * 1000
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.nodumpExclude files with the nodump flag.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.periodCreate archive at this interval.
The format is described in systemd.time(7).
Type: string
Default: "01:15"
Example: "hourly"
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.printStatsPrint global archive statistics upon completion. The output is available via systemctl status tarsnap-archive-name.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.verboseWhether to produce verbose logging output.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.archives.<name>.verylowmemReduce memory consumption by a factor of 2 beyond what
lowmem does, at the cost of significantly
slowing down the archiving process.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.tarsnap.keyfileThe keyfile which associates this machine with your tarsnap account. Create the keyfile with tarsnap-keygen.
Note that each individual archive (specified below) may also have its
own individual keyfile specified. Tarsnap does not allow multiple
concurrent backups with the same cache directory and key (starting a
new backup will cause another one to fail). If you have multiple
archives specified, you should either spread out your backups to be
far apart, or specify a separate key for each archive. By default
every archive defaults to using
"/root/tarsnap.key".
It's recommended for backups that you generate a key for every archive
using tarsnap-keygen(1), and then generate a
write-only tarsnap key using tarsnap-keymgmt(1),
and keep your master key(s) for a particular machine off-site.
The keyfile name should be given as a string and not a path, to avoid the key being copied into the Nix store.
Type: string
Default: "/root/tarsnap.key"
Declared by:
<nixpkgs/nixos/modules/services/backup/tarsnap.nix>
|
services.taskserver.enableWhether to enable the Taskwarrior server.
More instructions about NixOS in conjunction with Taskserver can be found in the NixOS manual.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.allowedClientIDsA list of regular expressions that are matched against the reported
client id (such as task 2.3.0).
The values all or none have
special meaning. Overridden by any entry in the option
services.taskserver.disallowedClientIDs.
Type: string or list of string
Default: [ ]
Example:
[ "[Tt]ask [2-9]+" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.ciphersList of GnuTLS ciphers to use. See the GnuTLS documentation about priority strings at https://gnutls.org/manual/html_node/Priority-Strings.html for full details.
Type: null or strings concatenated with ":"
Default: null
Example: "NORMAL:-VERS-SSL3.0"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.configConfiguration options to pass to Taskserver.
The options here are the same as described in taskdrc(5), but with one difference:
The server option is
server.listen here, because the
server option would collide with other options
like server.cert and we would run in a type error
(attribute set versus string).
Nix types like integers or booleans are automatically converted to the right values Taskserver would expect.
Type: attribute set
Example:
{
client = {
cert = "/tmp/debugging.cert";
};
}Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.confirmationDetermines whether certain commands are confirmed.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.dataDirData directory for Taskserver.
Type: path
Default: "/var/lib/taskserver"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.debugLogs debugging information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.disallowedClientIDsA list of regular expressions that are matched against the reported
client id (such as task 2.3.0).
The values all or none have
special meaning. Any entry here overrides those in
services.taskserver.allowedClientIDs.
Type: string or list of string
Default: [ ]
Example:
[ "[Tt]ask [2-9]+" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.extensionsFully qualified path of the Taskserver extension scripts. Currently there are none.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.fqdnThe fully qualified domain name of this server, which is also used as the common name in the certificates.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.groupGroup for Taskserver.
Type: string
Default: "taskd"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.ipLogLogs the IP addresses of incoming requests.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.listenHostThe address (IPv4, IPv6 or DNS) to listen on.
Type: string
Default: "localhost"
Example: "::"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.listenPortPort number of the Taskserver.
Type: signed integer
Default: 53589
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.openFirewallWhether to open the firewall for the specified Taskserver port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.organisationsAn attribute set where the keys name the organisation and the values
are a set of lists of users and
groups.
Type: attribute set of (submodule)
Default: { }
Example:
{
myShinyOrganisation = {
groups = [
"staff"
"outsiders"
];
users = [
"alice"
"bob"
];
};
yetAnotherOrganisation = {
users = [
"foo"
"bar"
];
};
}Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.organisations.<name>.groupsA list of group names that belong to the organization.
Type: list of string
Default: [ ]
Example:
[ "workers" "slackers" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.organisations.<name>.usersA list of user names that belong to the organization.
Type: list of string
Default: [ ]
Example:
[ "alice" "bob" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.auto.bitsThe bit size for generated keys.
This option is for the automatically handled CA and will be ignored if any
of the services.taskserver.pki.manual.* options are set.
Type: signed integer
Default: 4096
Example: 2048
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.auto.expiration.caThe expiration time of the CA certificate in days or null for no
expiration time.
This option is for the automatically handled CA and will be ignored if any
of the services.taskserver.pki.manual.* options are set.
Type: null or signed integer
Default: null
Example: 365
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.auto.expiration.clientThe expiration time of client certificates in days or null for no
expiration time.
This option is for the automatically handled CA and will be ignored if any
of the services.taskserver.pki.manual.* options are set.
Type: null or signed integer
Default: null
Example: 365
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.auto.expiration.crlThe expiration time of the certificate revocation list (CRL) in days or null for no
expiration time.
This option is for the automatically handled CA and will be ignored if any
of the services.taskserver.pki.manual.* options are set.
Type: null or signed integer
Default: null
Example: 365
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.auto.expiration.serverThe expiration time of the server certificate in days or null for no
expiration time.
This option is for the automatically handled CA and will be ignored if any
of the services.taskserver.pki.manual.* options are set.
Type: null or signed integer
Default: null
Example: 365
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.manual.ca.certFully qualified path to the CA certificate.
Setting this option will prevent automatic CA creation and handling.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.manual.server.certFully qualified path to the server certificate.
Setting this option will prevent automatic CA creation and handling.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.manual.server.crlFully qualified path to the server certificate revocation list.
Setting this option will prevent automatic CA creation and handling.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.pki.manual.server.keyFully qualified path to the server key.
Setting this option will prevent automatic CA creation and handling.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.queueSizeSize of the connection backlog, see listen(2).
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.requestLimitSize limit of incoming requests, in bytes.
Type: signed integer
Default: 1048576
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.trustDetermines how client certificates are validated.
The value allow all performs no client
certificate validation. This is not recommended. The value
strict causes the client certificate to be
validated against a CA.
Type: one of "allow all", "strict"
Default: "strict"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.taskserver.userUser for Taskserver.
Type: string
Default: "taskd"
Declared by:
<nixpkgs/nixos/modules/services/misc/taskserver>
|
services.tautulli.enableWhether to enable Tautulli Plex Monitor.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/tautulli.nix>
|
services.tautulli.packageThe Tautulli package to use.
Type: package
Default: pkgs.tautulli
Declared by:
<nixpkgs/nixos/modules/services/misc/tautulli.nix>
|
services.tautulli.configFileThe location of Tautulli's config file.
Type: string
Default: "/var/lib/plexpy/config.ini"
Declared by:
<nixpkgs/nixos/modules/services/misc/tautulli.nix>
|
services.tautulli.dataDirThe directory where Tautulli stores its data files.
Type: string
Default: "/var/lib/plexpy"
Declared by:
<nixpkgs/nixos/modules/services/misc/tautulli.nix>
|
services.tautulli.groupGroup under which Tautulli runs.
Type: string
Default: "nogroup"
Declared by:
<nixpkgs/nixos/modules/services/misc/tautulli.nix>
|
services.tautulli.openFirewallOpen ports in the firewall for Tautulli.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/tautulli.nix>
|
services.tautulli.portTCP port where Tautulli listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8181
Declared by:
<nixpkgs/nixos/modules/services/misc/tautulli.nix>
|
services.tautulli.userUser account under which Tautulli runs.
Type: string
Default: "plexpy"
Declared by:
<nixpkgs/nixos/modules/services/misc/tautulli.nix>
|
services.tayga.enableWhether to enable Tayga.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/tayga.nix>
|
services.tayga.packageThis option specifies the TAYGA package to use.
Type: package
Default: pkgs.tayga
Declared by:
<nixpkgs/nixos/modules/services/networking/tayga.nix>
|
services.tayga.dataDirDirectory for persistent data
Type: path
Default: "/var/lib/tayga"
Declared by:
<nixpkgs/nixos/modules/services/networking/tayga.nix>
|
services.tayga.ipv4IPv4-specific configuration.
Type: submodule
Example:
{
address = "192.0.2.0";
router = {
address = "192.0.2.1";
};
pool = {
address = "192.0.2.1";
prefixLength = 24;
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/tayga.nix>
|
services.tayga.ipv4.addressThe source IPv4 address of the TAYGA server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tayga.nix>
|
services.tayga.ipv4.poolThe pool of IPv4 addresses which are used for translation.
Type: null or (submodule)
Declared by:
<nixpkgs/nixos/modules/services/networking/tayga.nix>
|
services.tayga.ipv4.pool.addressIPv4 address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/tayga.nix>
|
services.tayga.ipv4.pool.prefixLengthSubnet mask of the interface, specified as the number of bits in the prefix ("24").
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/networking/tayga.nix>
|
services.tayga.ipv4.router.addressThe IPv4 address of the router.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/tayga.nix>
|
services.tayga.ipv6IPv6-specific configuration.
Type: submodule
Example:
{
address = "2001:db8::1";
router = {
address = "64:ff9b::1";
};
pool = {
address = "64:ff9b::";
prefixLength = 96;
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/tayga.nix>
|
services.tayga.ipv6.addressThe source IPv6 address of the TAYGA server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tayga.nix>
|
services.tayga.ipv6.poolThe pool of IPv6 addresses which are used for translation.
Type: null or (submodule)
Declared by:
<nixpkgs/nixos/modules/services/networking/tayga.nix>
|
services.tayga.ipv6.pool.addressIPv6 address.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/tayga.nix>
|
services.tayga.ipv6.pool.prefixLengthSubnet mask of the interface, specified as the number of bits in the prefix ("64").
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/services/networking/tayga.nix>
|
services.tayga.ipv6.router.addressThe IPv6 address of the router.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/tayga.nix>
|
services.tayga.tunDeviceName of the nat64 tun device
Type: string
Default: "nat64"
Declared by:
<nixpkgs/nixos/modules/services/networking/tayga.nix>
|
services.tcsd.enableWhether to enable tcsd, a Trusted Computing management service that provides TCG Software Stack (TSS). The tcsd daemon is the only portal to the Trusted Platform Module (TPM), a hardware chip on the motherboard.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.tcsd.conformanceCredPath to the conformance credential for your TPM. See also the platformCred option
Type: path
Default: "${config.services.tcsd.stateDir}/conformance.cert"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.tcsd.endorsementCredPath to the endorsement credential for your TPM. See also the platformCred option
Type: path
Default: "${config.services.tcsd.stateDir}/endorsement.cert"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.tcsd.firmwarePCRsPCR indices used in the TPM for firmware measurements.
Type: string
Default: "0,1,2,3,4,5,6,7"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.tcsd.groupGroup account under which tcsd runs.
Type: string
Default: "tss"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.tcsd.kernelPCRsPCR indices used in the TPM for kernel measurements.
Type: string
Default: "8,9,10,11,12"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.tcsd.platformCredPath to the platform credential for your TPM. Your TPM manufacturer may have provided you with a set of credentials (certificates) that should be used when creating identities using your TPM. When a user of your TPM makes an identity, this credential will be encrypted as part of that process. See the 1.1b TPM Main specification section 9.3 for information on this process.
Type: path
Default: "${config.services.tcsd.stateDir}/platform.cert"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.tcsd.stateDirThe location of the system persistent storage file. The system persistent storage file holds keys and data across restarts of the TCSD and system reboots.
Type: path
Default: "/var/lib/tpm"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.tcsd.userUser account under which tcsd runs.
Type: string
Default: "tss"
Declared by:
<nixpkgs/nixos/modules/services/hardware/tcsd.nix>
|
services.teamspeak3.enableWhether to run the Teamspeak3 voice communication server daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.dataDirDirectory to store TS3 database and other state/data files.
Type: path
Default: "/var/lib/teamspeak3-server"
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.defaultVoicePortDefault UDP port for clients to connect to virtual servers - used for first virtual server, subsequent ones will open on incrementing port numbers by default.
Type: signed integer
Default: 9987
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.fileTransferIPIP on which the server instance will listen for incoming file transfer connections. Defaults to any IP.
Type: null or string
Default: null
Example: "[::]"
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.fileTransferPortTCP port opened for file transfers.
Type: signed integer
Default: 30033
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.logPathDirectory to store log files in.
Type: path
Default: "/var/log/teamspeak3-server/"
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.openFirewallOpen ports in the firewall for the TeamSpeak3 server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.openFirewallServerQueryOpen ports in the firewall for the TeamSpeak3 serverquery (administration) system. Requires openFirewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.queryIPIP on which the server instance will listen for incoming ServerQuery connections. Defaults to any IP.
Type: null or string
Default: null
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.queryPortTCP port opened for ServerQuery connections.
Type: signed integer
Default: 10011
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamspeak3.voiceIPIP on which the server instance will listen for incoming voice connections. Defaults to any IP.
Type: null or string
Default: null
Example: "[::]"
Declared by:
<nixpkgs/nixos/modules/services/networking/teamspeak3.nix>
|
services.teamviewer.enableWhether to enable TeamViewer daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/teamviewer.nix>
|
services.tedicross.enableWhether to enable the TediCross Telegram-Discord bridge service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/tedicross.nix>
|
services.tedicross.configsettings.yaml configuration as a Nix attribute set.
Secret tokens should be specified using environmentFile
instead of this world-readable file.
Type: attribute set
Example:
{
telegram = {
useFirstNameInsteadOfUsername = false;
colonAfterSenderName = false;
skipOldMessages = true;
sendEmojiWithStickers = true;
};
discord = {
useNickname = false;
skipOldMessages = true;
displayTelegramReplies = "embed";
replyLength = 100;
};
bridges = [
{
name = "Default bridge";
direction = "both";
telegram = {
chatId = -123456789;
relayJoinMessages = true;
relayLeaveMessages = true;
sendUsernames = true;
ignoreCommands = true;
};
discord = {
serverId = "DISCORD_SERVER_ID";
channelId = "DISCORD_CHANNEL_ID";
relayJoinMessages = true;
relayLeaveMessages = true;
sendUsernames = true;
crossDeleteOnTelegram = true;
};
}
];
debug = false;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/tedicross.nix>
|
services.tedicross.environmentFileFile containing environment variables to be passed to the TediCross service,
in which secret tokens can be specified securely using the
TELEGRAM_BOT_TOKEN and DISCORD_BOT_TOKEN
keys.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tedicross.nix>
|
services.teeworlds.enableWhether to enable Teeworlds Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
|
services.teeworlds.extraOptionsExtra configuration lines for the teeworlds.cfg. See Teeworlds Documentation.
Type: list of string
Default: [ ]
Example:
[ "sv_map dm1" "sv_gametype dm" ]
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
|
services.teeworlds.motdSet the server message of the day text.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
|
services.teeworlds.nameName of the server. Defaults to 'unnamed server'.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
|
services.teeworlds.openPortsWhether to open firewall ports for Teeworlds
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
|
services.teeworlds.passwordPassword to connect to the server.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
|
services.teeworlds.portPort the server will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8303
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
|
services.teeworlds.rconPasswordPassword to access the remote console. If not set, a randomly generated one is displayed in the server log.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
|
services.teeworlds.registerWhether the server registers as public server in the global server list. This is disabled by default because of privacy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/games/teeworlds.nix>
|
services.telegraf.enableWhether to enable telegraf server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/telegraf.nix>
|
services.telegraf.packageWhich telegraf derivation to use
Type: package
Default: pkgs.telegraf
Declared by:
<nixpkgs/nixos/modules/services/monitoring/telegraf.nix>
|
services.telegraf.environmentFilesFile to load as environment file. Environment variables from this file
will be interpolated into the config file using envsubst with this
syntax: $ENVIRONMENT or ${VARIABLE}.
This is useful to avoid putting secrets into the nix store.
Type: list of path
Default: [ ]
Example:
[ "/run/keys/telegraf.env" ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/telegraf.nix>
|
services.telegraf.extraConfigExtra configuration options for telegraf
Type: TOML value
Default: { }
Example:
{
inputs = {
statsd = {
delete_timings = true;
service_address = ":8125";
};
};
outputs = {
influxdb = {
database = "telegraf";
urls = [
"http://localhost:8086"
];
};
};
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/telegraf.nix>
|
services.telepathy.enableWhether to enable Telepathy service, a communications framework that enables real-time communication via pluggable protocol backends.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/desktops/telepathy.nix>
|
services.teleport.enableWhether to enable the Teleport service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/teleport.nix>
|
services.teleport.diag.enableWhether to enable endpoints for monitoring purposes.
See https://goteleport.com/docs/setup/admin/troubleshooting/#troubleshooting/ .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/teleport.nix>
|
services.teleport.diag.addrMetrics and diagnostics address.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/teleport.nix>
|
services.teleport.diag.portMetrics and diagnostics port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/networking/teleport.nix>
|
services.teleport.insecure.enableWhether to enable starting teleport in insecure mode.
This is dangerous! Sensitive information will be logged to console and certificates will not be verified. Proceed with caution!
Teleport starts with disabled certificate validation on Proxy Service, validation still occurs on Auth Service .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/teleport.nix>
|
services.teleport.settingsContents of the teleport.yaml config file.
The --config arguments will only be passed if this set is not empty.
See https://goteleport.com/docs/setup/reference/config/.
Type: YAML value
Default: { }
Example:
{
teleport = {
nodename = "client";
advertise_ip = "192.168.1.2";
auth_token = "60bdc117-8ff4-478d-95e4-9914597847eb";
auth_servers = [ "192.168.1.1:3025" ];
log.severity = "DEBUG";
};
ssh_service = {
enabled = true;
labels = {
role = "client";
};
};
proxy_service.enabled = false;
auth_service.enabled = false;
}
Declared by:
<nixpkgs/nixos/modules/services/networking/teleport.nix>
|
services.tempo.enableWhether to enable Grafana Tempo.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/tracing/tempo.nix>
|
services.tempo.configFileSpecify a path to a configuration file that Tempo should use.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/tracing/tempo.nix>
|
services.tempo.settingsSpecify the configuration for Tempo in Nix.
See https://grafana.com/docs/tempo/latest/configuration/ for available options.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/tracing/tempo.nix>
|
services.terraria.enableIf enabled, starts a Terraria server. The server can be connected to via tmux -S ${config.services.terraria.dataDir}/terraria.sock attach
for administration by users who are a part of the terraria group (use C-b d shortcut to detach again).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.autoCreatedWorldSizeSpecifies the size of the auto-created world if worldPath does not
point to an existing world.
Type: one of "small", "medium", "large"
Default: "medium"
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.banListPathThe path to the ban list.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.dataDirPath to variable state data directory for terraria.
Type: string
Default: "/var/lib/terraria"
Example: "/srv/terraria"
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.maxPlayersSets the max number of players (between 1 and 255).
Type: 8 bit unsigned integer; between 0 and 255 (both inclusive)
Default: 255
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.messageOfTheDaySet the server message of the day text.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.noUPnPDisables automatic Universal Plug and Play.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.openFirewallWhether to open ports in the firewall
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.passwordSets the server password. Leave null for no password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.portSpecifies the port to listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7777
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.secureAdds additional cheat protection to the server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.terraria.worldPathThe path to the world file (.wld) which should be loaded.
If no world exists at this path, one will be created with the size
specified by autoCreatedWorldSize.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/games/terraria.nix>
|
services.tetrd.enableWhether to enable tetrd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/tetrd.nix>
|
services.tftpd.enableWhether to enable tftpd, a Trivial File Transfer Protocol server. The server will be run as an xinetd service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/tftpd.nix>
|
services.tftpd.pathWhere the tftp server files are stored.
Type: path
Default: "/srv/tftp"
Declared by:
<nixpkgs/nixos/modules/services/networking/tftpd.nix>
|
services.thanos.packageThe thanos package that should be used.
Type: package
Default: pkgs.thanos
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.enableWhether to enable the Thanos compactor which continuously compacts blocks in an object store bucket.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.argumentsArguments to the thanos compact command.
Defaults to a list of arguments formed by converting the structured
options of services.thanos.compact to a list of arguments.
Overriding this option will cause none of the structured options to have any effect. So only set this if you know what you're doing!
Type: list of string
Default: calculated from config.services.thanos.compact
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.block-sync-concurrencyNumber of goroutines to use when syncing block metadata from object storage.
Defaults to 20 in Thanos
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.compact.concurrencyNumber of goroutines to use when compacting groups.
Defaults to 1 in Thanos
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.consistency-delayMinimum age of fresh (non-compacted) blocks before they are being processed. Malformed blocks older than the maximum of consistency-delay and 30m0s will be removed.
Defaults to 30m in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.downsampling.disableDisables downsampling.
This is not recommended as querying long time ranges without non-downsampled data is not efficient and useful e.g it is not possible to render all samples for a human eye anyway
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.http-addressListen host:port for HTTP endpoints.
Defaults to 0.0.0.0:10902 in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.log.formatLog format to use.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.log.levelLog filtering level.
Defaults to info in Thanos
when set to null.
Type: null or one of "debug", "info", "warn", "error", "fatal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.objstore.configObject store configuration.
When not null the attribute set gets converted to
a YAML file and stored in the Nix store. The option
objstore.config-file will default to its path.
If objstore.config-file is set this option has no effect.
See format details: https://thanos.io/storage.md/#configuration
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.objstore.config-filePath to YAML file that contains object store configuration.
See format details: https://thanos.io/storage.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.objstore.config == null then null else toString (toYAML "objstore.yaml" config.services.thanos.<cmd>.objstore.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.retention.resolution-1hHow long to retain samples of resolution 2 (1 hour) in bucket.
0d - disables this retention
Defaults to 0d in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.retention.resolution-5mHow long to retain samples of resolution 1 (5 minutes) in bucket.
0d - disables this retention
Defaults to 0d in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.retention.resolution-rawHow long to retain raw samples in bucket.
0d - disables this retention
Defaults to 0d in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.startAtWhen this option is set to a systemd.time
specification the Thanos compactor will run at the specified period.
When this option is null the Thanos compactor service
will run continuously. So it will not exit after all compactions have
been processed but wait for new work.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.stateDirData directory relative to /var/lib
in which to cache blocks and process compactions.
Type: string
Default: "thanos-compact"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.tracing.configTracing configuration.
When not null the attribute set gets converted to
a YAML file and stored in the Nix store. The option
tracing.config-file will default to its path.
If tracing.config-file is set this option has no effect.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.compact.tracing.config-filePath to YAML file that contains tracing configuration.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.tracing.config == null then null else toString (toYAML "tracing.yaml" config.services.thanos.<cmd>.tracing.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.downsample.enableWhether to enable the Thanos downsampler which continuously downsamples blocks in an object store bucket.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.downsample.argumentsArguments to the thanos downsample command.
Defaults to a list of arguments formed by converting the structured
options of services.thanos.downsample to a list of arguments.
Overriding this option will cause none of the structured options to have any effect. So only set this if you know what you're doing!
Type: list of string
Default: calculated from config.services.thanos.downsample
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.downsample.log.formatLog format to use.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.downsample.log.levelLog filtering level.
Defaults to info in Thanos
when set to null.
Type: null or one of "debug", "info", "warn", "error", "fatal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.downsample.objstore.configObject store configuration.
When not null the attribute set gets converted to
a YAML file and stored in the Nix store. The option
objstore.config-file will default to its path.
If objstore.config-file is set this option has no effect.
See format details: https://thanos.io/storage.md/#configuration
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.downsample.objstore.config-filePath to YAML file that contains object store configuration.
See format details: https://thanos.io/storage.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.objstore.config == null then null else toString (toYAML "objstore.yaml" config.services.thanos.<cmd>.objstore.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.downsample.stateDirData directory relative to /var/lib
in which to cache blocks and process downsamplings.
Type: string
Default: "thanos-downsample"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.downsample.tracing.configTracing configuration.
When not null the attribute set gets converted to
a YAML file and stored in the Nix store. The option
tracing.config-file will default to its path.
If tracing.config-file is set this option has no effect.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.downsample.tracing.config-filePath to YAML file that contains tracing configuration.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.tracing.config == null then null else toString (toYAML "tracing.yaml" config.services.thanos.<cmd>.tracing.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.enableWhether to enable the Thanos query node exposing PromQL enabled Query API with data retrieved from multiple store nodes.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.argumentsArguments to the thanos query command.
Defaults to a list of arguments formed by converting the structured
options of services.thanos.query to a list of arguments.
Overriding this option will cause none of the structured options to have any effect. So only set this if you know what you're doing!
Type: list of string
Default: calculated from config.services.thanos.query
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.grpc-addressListen ip:port address for gRPC endpoints (StoreAPI).
Make sure this address is routable from other components.
Defaults to 0.0.0.0:10901 in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.grpc-client-server-nameServer name to verify the hostname on the returned gRPC certificates. See https://tools.ietf.org/html/rfc4366#section-3.1
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.grpc-client-tls-caTLS CA Certificates to use to verify gRPC servers
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.grpc-client-tls-certTLS Certificates to use to identify this client to the server
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.grpc-client-tls-keyTLS Key for the client's certificate
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.grpc-client-tls-secureUse TLS when talking to the gRPC server
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.grpc-server-tls-certTLS Certificate for gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.grpc-server-tls-client-caTLS CA to verify clients against.
If no client CA is specified, there is no client verification on server side. (tls.NoClientCert)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.grpc-server-tls-keyTLS Key for the gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.http-addressListen host:port for HTTP endpoints.
Defaults to 0.0.0.0:10902 in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.log.formatLog format to use.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.log.levelLog filtering level.
Defaults to info in Thanos
when set to null.
Type: null or one of "debug", "info", "warn", "error", "fatal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.query.auto-downsamplingEnable automatic adjustment (step / 5) to what source of data should
be used in store gateways if no
max_source_resolution param is specified.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.query.default-evaluation-intervalSet default evaluation interval for sub queries.
Defaults to 1m in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.query.max-concurrentMaximum number of queries processed concurrently by query node.
Defaults to 20 in Thanos
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.query.partial-responseEnable partial response for queries if no
partial_response param is specified.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.query.replica-labelLabel to treat as a replica indicator along which data is deduplicated.
Still you will be able to query without deduplication using
dedup=false parameter.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.query.timeoutMaximum time to process query by query node.
Defaults to 2m in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.selector-labelsQuery selector labels that will be exposed in info endpoint.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.store.addressesAddresses of statically configured store API servers.
The scheme may be prefixed with dns+ or
dnssrv+ to detect store API servers through
respective DNS lookups.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.store.response-timeoutIf a Store doesn't send any data in this specified duration then a
Store will be ignored and partial data will be returned if it's
enabled. 0 disables timeout.
Defaults to 0ms in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.store.sd-dns-intervalInterval between DNS resolutions.
Defaults to 30s in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.store.sd-filesPath to files that contain addresses of store API servers. The path can be a glob pattern.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.store.sd-intervalRefresh interval to re-read file SD files. It is used as a resync fallback.
Defaults to 5m in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.store.unhealthy-timeoutTimeout before an unhealthy store is cleaned from the store UI page.
Defaults to 5m in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.tracing.configTracing configuration.
When not null the attribute set gets converted to
a YAML file and stored in the Nix store. The option
tracing.config-file will default to its path.
If tracing.config-file is set this option has no effect.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.tracing.config-filePath to YAML file that contains tracing configuration.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.tracing.config == null then null else toString (toYAML "tracing.yaml" config.services.thanos.<cmd>.tracing.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.web.external-prefixStatic prefix for all HTML links and redirect URLs in the UI query web interface.
Actual endpoints are still served on / or the
web.route-prefix. This allows thanos UI to be served
behind a reverse proxy that strips a URL sub-path.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.web.prefix-headerName of HTTP request header used for dynamic prefixing of UI links and redirects.
This option is ignored if the option
web.external-prefix is set.
Security risk: enable this option only if a reverse proxy in front of thanos is resetting the header.
The setting web.prefix-header="X-Forwarded-Prefix"
can be useful, for example, if Thanos UI is served via Traefik reverse
proxy with PathPrefixStrip option enabled, which
sends the stripped prefix value in X-Forwarded-Prefix
header. This allows thanos UI to be served on a sub-path.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.query.web.route-prefixPrefix for API and UI endpoints.
This allows thanos UI to be served on a sub-path. This option is
analogous to web.route-prefix of Promethus.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.receive.enableWhether to enable the Thanos receiver which accept Prometheus remote write API requests and write to local tsdb (EXPERIMENTAL, this may change drastically without notice).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.receive.argumentsArguments to the thanos receive command.
Defaults to a list of arguments formed by converting the structured
options of services.thanos.receive to a list of arguments.
Overriding this option will cause none of the structured options to have any effect. So only set this if you know what you're doing!
Type: list of string
Default: calculated from config.services.thanos.receive
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.receive.grpc-addressListen ip:port address for gRPC endpoints (StoreAPI).
Make sure this address is routable from other components.
Defaults to 0.0.0.0:10901 in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.receive.grpc-server-tls-certTLS Certificate for gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.receive.grpc-server-tls-client-caTLS CA to verify clients against.
If no client CA is specified, there is no client verification on server side. (tls.NoClientCert)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.receive.grpc-server-tls-keyTLS Key for the gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.receive.http-addressListen host:port for HTTP endpoints.
Defaults to 0.0.0.0:10902 in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.receive.labelsExternal labels to announce.
This flag will be removed in the future when handling multiple tsdb instances is added.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.receive.log.formatLog format to use.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.receive.log.levelLog filtering level.
Defaults to info in Thanos
when set to null.
Type: null or one of "debug", "info", "warn", "error", "fatal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.receive.objstore.configObject store configuration.
When not null the attribute set gets converted to
a YAML file and stored in the Nix store. The option
objstore.config-file will default to its path.
If objstore.config-file is set this option has no effect.
See format details: https://thanos.io/storage.md/#configuration
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.receive.objstore.config-filePath to YAML file that contains object store configuration.
See format details: https://thanos.io/storage.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.objstore.config == null then null else toString (toYAML "objstore.yaml" config.services.thanos.<cmd>.objstore.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.receive.remote-write.addressAddress to listen on for remote write requests.
Defaults to 0.0.0.0:19291 in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.receive.stateDirData directory relative to /var/lib of TSDB.
Type: string
Default: "thanos-receive"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.receive.tracing.configTracing configuration.
When not null the attribute set gets converted to
a YAML file and stored in the Nix store. The option
tracing.config-file will default to its path.
If tracing.config-file is set this option has no effect.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.receive.tracing.config-filePath to YAML file that contains tracing configuration.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.tracing.config == null then null else toString (toYAML "tracing.yaml" config.services.thanos.<cmd>.tracing.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.receive.tsdb.retentionHow long to retain raw samples on local storage.
0d - disables this retention
Defaults to 15d in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.enableWhether to enable the Thanos ruler service which evaluates Prometheus rules against given Query nodes, exposing Store API and storing old blocks in bucket.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.alert.label-dropLabels by name to drop before sending to alertmanager.
This allows alert to be deduplicated on replica label.
Similar Prometheus alert relabelling
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.alert.query-urlThe external Thanos Query URL that would be set in all alerts 'Source' field.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.alertmanagers.send-timeoutTimeout for sending alerts to alertmanager.
Defaults to 10s in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.alertmanagers.urlsAlertmanager replica URLs to push firing alerts.
Ruler claims success if push to at least one alertmanager from
discovered succeeds. The scheme may be prefixed with
dns+ or dnssrv+ to detect
Alertmanager IPs through respective DNS lookups. The port defaults to
9093 or the SRV record's value. The URL path is
used as a prefix for the regular Alertmanager API path.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.argumentsArguments to the thanos rule command.
Defaults to a list of arguments formed by converting the structured
options of services.thanos.rule to a list of arguments.
Overriding this option will cause none of the structured options to have any effect. So only set this if you know what you're doing!
Type: list of string
Default: calculated from config.services.thanos.rule
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.eval-intervalThe default evaluation interval to use.
Defaults to 30s in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.grpc-addressListen ip:port address for gRPC endpoints (StoreAPI).
Make sure this address is routable from other components.
Defaults to 0.0.0.0:10901 in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.grpc-server-tls-certTLS Certificate for gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.grpc-server-tls-client-caTLS CA to verify clients against.
If no client CA is specified, there is no client verification on server side. (tls.NoClientCert)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.grpc-server-tls-keyTLS Key for the gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.http-addressListen host:port for HTTP endpoints.
Defaults to 0.0.0.0:10902 in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.labelsLabels to be applied to all generated metrics.
Similar to external labels for Prometheus, used to identify ruler and its blocks as unique source.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.log.formatLog format to use.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.log.levelLog filtering level.
Defaults to info in Thanos
when set to null.
Type: null or one of "debug", "info", "warn", "error", "fatal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.objstore.configObject store configuration.
When not null the attribute set gets converted to
a YAML file and stored in the Nix store. The option
objstore.config-file will default to its path.
If objstore.config-file is set this option has no effect.
See format details: https://thanos.io/storage.md/#configuration
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.objstore.config-filePath to YAML file that contains object store configuration.
See format details: https://thanos.io/storage.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.objstore.config == null then null else toString (toYAML "objstore.yaml" config.services.thanos.<cmd>.objstore.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.query.addressesAddresses of statically configured query API servers.
The scheme may be prefixed with dns+ or
dnssrv+ to detect query API servers through
respective DNS lookups.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.query.sd-dns-intervalInterval between DNS resolutions.
Defaults to 30s in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.query.sd-filesPath to file that contain addresses of query peers. The path can be a glob pattern.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.query.sd-intervalRefresh interval to re-read file SD files. (used as a fallback)
Defaults to 5m in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.rule-filesRule files that should be used by rule manager. Can be in glob format.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.stateDirData directory relative to /var/lib.
Type: string
Default: "thanos-rule"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.tracing.configTracing configuration.
When not null the attribute set gets converted to
a YAML file and stored in the Nix store. The option
tracing.config-file will default to its path.
If tracing.config-file is set this option has no effect.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.tracing.config-filePath to YAML file that contains tracing configuration.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.tracing.config == null then null else toString (toYAML "tracing.yaml" config.services.thanos.<cmd>.tracing.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.tsdb.block-durationBlock duration for TSDB block.
Defaults to 2h in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.tsdb.retentionBlock retention time on local disk.
Defaults to 48h in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.web.external-prefixStatic prefix for all HTML links and redirect URLs in the UI query web interface.
Actual endpoints are still served on / or the
web.route-prefix. This allows thanos UI to be served
behind a reverse proxy that strips a URL sub-path.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.web.prefix-headerName of HTTP request header used for dynamic prefixing of UI links and redirects.
This option is ignored if the option
web.external-prefix is set.
Security risk: enable this option only if a reverse proxy in front of thanos is resetting the header.
The header X-Forwarded-Prefix can be useful, for
example, if Thanos UI is served via Traefik reverse proxy with
PathPrefixStrip option enabled, which sends the
stripped prefix value in X-Forwarded-Prefix
header. This allows thanos UI to be served on a sub-path.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.rule.web.route-prefixPrefix for API and UI endpoints.
This allows thanos UI to be served on a sub-path.
This option is analogous to --web.route-prefix of Promethus.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.enableWhether to enable the Thanos sidecar for Prometheus server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.argumentsArguments to the thanos sidecar command.
Defaults to a list of arguments formed by converting the structured
options of services.thanos.sidecar to a list of arguments.
Overriding this option will cause none of the structured options to have any effect. So only set this if you know what you're doing!
Type: list of string
Default: calculated from config.services.thanos.sidecar
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.grpc-addressListen ip:port address for gRPC endpoints (StoreAPI).
Make sure this address is routable from other components.
Defaults to 0.0.0.0:10901 in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.grpc-server-tls-certTLS Certificate for gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.grpc-server-tls-client-caTLS CA to verify clients against.
If no client CA is specified, there is no client verification on server side. (tls.NoClientCert)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.grpc-server-tls-keyTLS Key for the gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.http-addressListen host:port for HTTP endpoints.
Defaults to 0.0.0.0:10902 in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.log.formatLog format to use.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.log.levelLog filtering level.
Defaults to info in Thanos
when set to null.
Type: null or one of "debug", "info", "warn", "error", "fatal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.objstore.configObject store configuration.
When not null the attribute set gets converted to
a YAML file and stored in the Nix store. The option
objstore.config-file will default to its path.
If objstore.config-file is set this option has no effect.
See format details: https://thanos.io/storage.md/#configuration
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.objstore.config-filePath to YAML file that contains object store configuration.
See format details: https://thanos.io/storage.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.objstore.config == null then null else toString (toYAML "objstore.yaml" config.services.thanos.<cmd>.objstore.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.prometheus.urlURL at which to reach Prometheus's API.
For better performance use local network.
Defaults to http://localhost:9090 in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.reloader.config-envsubst-fileOutput file for environment variable substituted config file.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.reloader.config-fileConfig file watched by the reloader.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.reloader.rule-dirsRule directories for the reloader to refresh.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.tracing.configTracing configuration.
When not null the attribute set gets converted to
a YAML file and stored in the Nix store. The option
tracing.config-file will default to its path.
If tracing.config-file is set this option has no effect.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.tracing.config-filePath to YAML file that contains tracing configuration.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.tracing.config == null then null else toString (toYAML "tracing.yaml" config.services.thanos.<cmd>.tracing.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.sidecar.tsdb.pathData directory of TSDB.
Type: string
Default: "/var/lib/${config.services.prometheus.stateDir}/data"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.enableWhether to enable the Thanos store node giving access to blocks in a bucket provider..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.argumentsArguments to the thanos store command.
Defaults to a list of arguments formed by converting the structured
options of services.thanos.store to a list of arguments.
Overriding this option will cause none of the structured options to have any effect. So only set this if you know what you're doing!
Type: list of string
Default: calculated from config.services.thanos.store
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.block-sync-concurrencyNumber of goroutines to use when syncing blocks from object storage.
Defaults to 20 in Thanos
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.chunk-pool-sizeMaximum size of concurrently allocatable bytes for chunks.
Defaults to 2GB in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.grpc-addressListen ip:port address for gRPC endpoints (StoreAPI).
Make sure this address is routable from other components.
Defaults to 0.0.0.0:10901 in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.grpc-server-tls-certTLS Certificate for gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.grpc-server-tls-client-caTLS CA to verify clients against.
If no client CA is specified, there is no client verification on server side. (tls.NoClientCert)
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.grpc-server-tls-keyTLS Key for the gRPC server, leave blank to disable TLS
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.http-addressListen host:port for HTTP endpoints.
Defaults to 0.0.0.0:10902 in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.index-cache-sizeMaximum size of items held in the index cache.
Defaults to 250MB in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.log.formatLog format to use.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.log.levelLog filtering level.
Defaults to info in Thanos
when set to null.
Type: null or one of "debug", "info", "warn", "error", "fatal"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.max-timeEnd of time range limit to serve.
Thanos Store serves only blocks, which happened earlier than this value. Option can be a constant time in RFC3339 format or time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y.
Defaults to 9999-12-31T23:59:59Z in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.min-timeStart of time range limit to serve.
Thanos Store serves only metrics, which happened later than this value. Option can be a constant time in RFC3339 format or time duration relative to current time, such as -1d or 2h45m. Valid duration units are ms, s, m, h, d, w, y.
Defaults to 0000-01-01T00:00:00Z in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.objstore.configObject store configuration.
When not null the attribute set gets converted to
a YAML file and stored in the Nix store. The option
objstore.config-file will default to its path.
If objstore.config-file is set this option has no effect.
See format details: https://thanos.io/storage.md/#configuration
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.objstore.config-filePath to YAML file that contains object store configuration.
See format details: https://thanos.io/storage.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.objstore.config == null then null else toString (toYAML "objstore.yaml" config.services.thanos.<cmd>.objstore.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.stateDirData directory relative to /var/lib
in which to cache remote blocks.
Type: string
Default: "thanos-store"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.store.grpc.series-max-concurrencyMaximum number of concurrent Series calls.
Defaults to 20 in Thanos
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.store.grpc.series-sample-limitMaximum amount of samples returned via a single Series call.
0 means no limit.
NOTE: for efficiency we take 120 as the number of samples in chunk (it cannot be bigger than that), so the actual number of samples might be lower, even though the maximum could be hit.
Defaults to 0 in Thanos
when set to null.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.sync-block-durationRepeat interval for syncing the blocks between local and remote view.
Defaults to 3m in Thanos
when set to null.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.tracing.configTracing configuration.
When not null the attribute set gets converted to
a YAML file and stored in the Nix store. The option
tracing.config-file will default to its path.
If tracing.config-file is set this option has no effect.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or (attribute set)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thanos.store.tracing.config-filePath to YAML file that contains tracing configuration.
See format details: https://thanos.io/tracing.md/#configuration
Type: null or string
Default:
if config.services.thanos.<cmd>.tracing.config == null then null else toString (toYAML "tracing.yaml" config.services.thanos.<cmd>.tracing.config);
Declared by:
<nixpkgs/nixos/modules/services/monitoring/thanos.nix>
|
services.thelounge.enableWhether to enable The Lounge web IRC client.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/thelounge.nix>
|
services.thelounge.extraConfigThe Lounge's config.js contents as attribute set (will be
converted to JSON to generate the configuration file).
The options defined here will be merged to the default configuration file.
Note: In case of duplicate configuration, options from extraConfig have priority.
Documentation: https://thelounge.chat/docs/server/configuration
Type: attribute set
Default: { }
Example:
{
reverseProxy = true;
defaults = {
name = "Your Network";
host = "localhost";
port = 6697;
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/thelounge.nix>
|
services.thelounge.pluginsThe Lounge plugins to install. Plugins can be found in
pkgs.theLoungePlugins.plugins and pkgs.theLoungePlugins.themes.
Type: list of package
Default: [ ]
Example: [ pkgs.theLoungePlugins.themes.solarized ]
Declared by:
<nixpkgs/nixos/modules/services/networking/thelounge.nix>
|
services.thelounge.portTCP port to listen on for http connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9000
Declared by:
<nixpkgs/nixos/modules/services/networking/thelounge.nix>
|
services.thelounge.publicMake your The Lounge instance public.
Setting this to false will require you to configure user
accounts by using the (thelounge) command or by adding
entries in /var/lib/thelounge/users. You might need to restart
The Lounge after making changes to the state directory.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/thelounge.nix>
|
services.thermald.enableWhether to enable thermald, the temperature management daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/thermald.nix>
|
services.thermald.packageWhich thermald package to use.
Type: package
Default: pkgs.thermald
Declared by:
<nixpkgs/nixos/modules/services/hardware/thermald.nix>
|
services.thermald.configFilethe thermald manual configuration file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/thermald.nix>
|
services.thermald.debugWhether to enable debug logging.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/thermald.nix>
|
services.thinkfan.enableWhether to enable thinkfan, a fan control program.
This module targets IBM/Lenovo thinkpads by default, for other hardware you will have configure it more carefully.
Type: boolean
Default: false
Related packages:
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.thinkfan.extraArgsA list of extra command line arguments to pass to thinkfan. Check the thinkfan(1) manpage for available arguments.
Type: list of string
Default: [ ]
Example:
[ "-b" "0" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.thinkfan.fansList of fans thinkfan will control.
This section slightly departs from the thinkfan.conf syntax. The type and path must be specified like this:
type = "tpacpi"; query = "/proc/acpi/ibm/fan";
instead of a single declaration like:
- tpacpi: /proc/acpi/ibm/fan
Type: list of (attribute set of (YAML value))
Default:
[
{
query = "/proc/acpi/ibm/fan";
type = "tpacpi";
}
]Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.thinkfan.fans.*.indicesA list of fans to pick in case multiple fans match the query.
Indices start from 0.
Type: null or (list of unsigned integer, meaning >=0)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.thinkfan.fans.*.queryThe query string used to match one or more fans: can be a fullpath to the temperature file (single fan) or a fullpath to a driver directory (multiple fans).
When multiple fans match, the query can be restricted using the
name or indices options.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.thinkfan.fans.*.typeThe fan type, can be
hwmon for standard fans,
atasmart to read the temperature via
S.M.A.R.T (requires smartSupport to be enabled),
tpacpi for the legacy thinkpac_acpi driver, or
nvml for the (proprietary) nVidia driver.
Type: one of "hwmon", "atasmart", "tpacpi", "nvml"
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.thinkfan.levels[LEVEL LOW HIGH]
LEVEL is the fan level to use: it can be an integer (0-7 with thinkpad_acpi), "level auto" (to keep the default firmware behavior), "level full-speed" or "level disengaged" (to run the fan as fast as possible). LOW is the temperature at which to step down to the previous level. HIGH is the temperature at which to step up to the next level. All numbers are integers.
Type: list of (tuple of (unsigned integer, meaning >=0 or one of "level auto", "level full-speed", "level disengaged") (unsigned integer, meaning >=0) (unsigned integer, meaning >=0))
Default:
[
[
0
0
55
]
[
1
48
60
]
[
2
50
61
]
[
3
52
63
]
[
6
56
65
]
[
7
60
85
]
[
"level auto"
80
32767
]
]Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.thinkfan.sensorsList of temperature sensors thinkfan will monitor.
This section slightly departs from the thinkfan.conf syntax. The type and path must be specified like this:
type = "tpacpi"; query = "/proc/acpi/ibm/thermal";
instead of a single declaration like:
- tpacpi: /proc/acpi/ibm/thermal
Type: list of (attribute set of (YAML value))
Default:
[
{
query = "/proc/acpi/ibm/thermal";
type = "tpacpi";
}
]Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.thinkfan.sensors.*.correctionA list of values to be added to the temperature of each sensor, can be used to equalize small discrepancies in temperature ratings.
Type: null or (list of signed integer)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.thinkfan.sensors.*.indicesA list of sensors to pick in case multiple sensors match the query.
Indices start from 0.
Type: null or (list of unsigned integer, meaning >=0)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.thinkfan.sensors.*.queryThe query string used to match one or more sensors: can be a fullpath to the temperature file (single sensor) or a fullpath to a driver directory (multiple sensors).
When multiple sensors match, the query can be restricted using the
name or indices options.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.thinkfan.sensors.*.typeThe sensor type, can be
hwmon for standard sensors,
atasmart to read the temperature via
S.M.A.R.T (requires smartSupport to be enabled),
tpacpi for the legacy thinkpac_acpi driver, or
nvml for the (proprietary) nVidia driver.
Type: one of "hwmon", "atasmart", "tpacpi", "nvml"
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.thinkfan.settingsThinkfan settings. Use this option to configure thinkfan
settings not exposed in a NixOS option or to bypass one.
Before changing this, read the thinkfan.conf(5)
manpage and take a look at the example config file at
https://github.com/vmatare/thinkfan/blob/master/examples/thinkfan.yaml
Type: attribute set of (YAML value)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.thinkfan.smartSupportWhether to build thinkfan with S.M.A.R.T. support to read temperatures directly from hard disks.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/thinkfan.nix>
|
services.throttled.enableWhether to enable fix for Intel CPU throttling.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/throttled.nix>
|
services.throttled.extraConfigAlternative configuration
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/throttled.nix>
|
services.tiddlywiki.enableWhether to enable TiddlyWiki nodejs server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/tiddlywiki.nix>
|
services.tiddlywiki.listenOptionsParameters passed to --listen command.
Refer to https://tiddlywiki.com/#WebServer
for details on supported values.
Type: attribute set
Default: { }
Example:
{
credentials = "../credentials.csv";
port = 3456;
readers = "(authenticated)";
}Declared by:
<nixpkgs/nixos/modules/services/misc/tiddlywiki.nix>
|
services.timesyncd.enableEnables the systemd NTP client daemon.
Type: boolean
Default: !config.boot.isContainer
Declared by:
<nixpkgs/nixos/modules/system/boot/timesyncd.nix>
|
services.timesyncd.extraConfigExtra config options for systemd-timesyncd. See timesyncd.conf(5) for available options.
Type: strings concatenated with "\n"
Default: ""
Example:
'' PollIntervalMaxSec=180 ''
Declared by:
<nixpkgs/nixos/modules/system/boot/timesyncd.nix>
|
services.timesyncd.serversThe set of NTP servers from which to synchronise.
Type: list of string
Default: config.networking.timeServers
Declared by:
<nixpkgs/nixos/modules/system/boot/timesyncd.nix>
|
services.tinc.networksDefines the tinc networks which will be started. Each network invokes a different daemon.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.packageThe package to use for the tinc daemon's binary.
Type: package
Default: pkgs.tinc_pre
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.bindToAddressThe ip address to bind to (both listen on and send packets from).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.chrootChange process root directory to the directory where the config file is located (/etc/tinc/netname/), for added security. The chroot is performed after all the initialization is done, after writing pid files and opening network sockets.
Note that this currently breaks dns resolution and tinc can't run scripts anymore (such as tinc-down or host-up), unless it is setup to be runnable inside chroot environment.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.debugLevelThe amount of debugging information to add to the log. 0 means little logging while 5 is the most logging. man tincd for more details.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.ed25519PrivateKeyFilePath of the private ed25519 keyfile.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.extraConfigExtra lines to add to the tinc service configuration file.
Note that using the declarative service.tinc.networks.<name>.settings
option is preferred.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.hostSettingsThe name of the host in the network as well as the configuration for that host. This name should only contain alphanumerics and underscores.
Type: attribute set of (submodule)
Default: { }
Example:
{
host1 = {
addresses = [
{ address = "192.168.1.42"; }
{ address = "192.168.1.42"; port = 1655; }
];
subnets = [ { address = "10.0.0.42"; } ];
rsaPublicKey = "...";
settings = {
Ed25519PublicKey = "...";
};
};
host2 = {
subnets = [ { address = "10.0.1.0"; prefixLength = 24; weight = 2; } ];
rsaPublicKey = "...";
settings = {
Compression = 10;
};
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.hostSettings.<name>.addressesThe external address where the host can be reached. This will set this
host's settings.Address option.
This variable is only required if you want to connect to this host.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.hostSettings.<name>.addresses.*.addressThe external IP address or hostname where the host can be reached.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.hostSettings.<name>.addresses.*.portThe port where the host can be reached.
If no port is specified, the default Port is used.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.hostSettings.<name>.rsaPublicKeyLegacy RSA public key of the host in PEM format, including start and end markers.
This will be appended as-is in the host's configuration file.
The ed25519 public key can be specified using the
settings.Ed25519PublicKey option instead.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.hostSettings.<name>.settingsConfiguration for this host.
See https://tinc-vpn.org/documentation-1.1/Host-configuration-variables.html for supported values.
Type: attribute set of (boolean or string or signed integer or list of (boolean or string or signed integer))
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.hostSettings.<name>.subnetsThe subnets which this tinc daemon will serve. This will set this
host's settings.Subnet option.
Tinc tries to look up which other daemon it should send a packet to by searching the appropriate subnet. If the packet matches a subnet, it will be sent to the daemon who has this subnet in his host configuration file.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.hostSettings.<name>.subnets.*.addressThe subnet of this host.
Subnets can either be single MAC, IPv4 or IPv6 addresses, in which case a subnet consisting of only that single address is assumed, or they can be a IPv4 or IPv6 network address with a prefix length.
IPv4 subnets are notated like 192.168.1.0/24, IPv6 subnets are notated like fec0:0:0:1::/64. MAC addresses are notated like 0:1a:2b:3c:4d:5e.
Note that subnets like 192.168.1.1/24 are invalid.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.hostSettings.<name>.subnets.*.prefixLengthThe prefix length of the subnet.
If null, a subnet consisting of only that single address is assumed.
This conforms to standard CIDR notation as described in RFC1519.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.hostSettings.<name>.subnets.*.weightIndicates the priority over identical Subnets owned by different nodes.
Lower values indicate higher priority. Packets will be sent to the node with the highest priority, unless that node is not reachable, in which case the node with the next highest priority will be tried, and so on.
Type: unsigned integer, meaning >=0
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.hostsThe name of the host in the network as well as the configuration for that host. This name should only contain alphanumerics and underscores.
Note that using the declarative service.tinc.networks.<name>.hostSettings
option is preferred.
Type: attribute set of strings concatenated with "\n"
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.interfaceTypeThe type of virtual interface used for the network connection.
Type: one of "tun", "tap"
Default: "tun"
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.listenAddressThe ip address to listen on for incoming connections.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.nameThe name of the node which is used as an identifier when communicating with the remote nodes in the mesh. If null then the hostname of the system is used to derive a name (note that tinc may replace non-alphanumeric characters in hostnames by underscores).
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.rsaPrivateKeyFilePath of the private RSA keyfile.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinc.networks.<name>.settingsConfiguration of the Tinc daemon for this network.
See https://tinc-vpn.org/documentation-1.1/Main-configuration-variables.html for supported values.
Type: attribute set of (boolean or string or signed integer or list of (boolean or string or signed integer))
Default: { }
Example:
{
Interface = "custom.interface";
DirectOnly = true;
Mode = "switch";
}
Declared by:
<nixpkgs/nixos/modules/services/networking/tinc.nix>
|
services.tinydns.enableWhether to run the tinydns dns server
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/tinydns.nix>
|
services.tinydns.dataThe DNS data to serve, in the format described by tinydns-data(8)
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/tinydns.nix>
|
services.tinydns.ipIP address on which to listen for connections
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/networking/tinydns.nix>
|
services.tlp.enableWhether to enable the TLP power management daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/tlp.nix>
|
services.tlp.extraConfigVerbatim additional configuration variables for TLP. DEPRECATED: use services.tlp.settings instead.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/tlp.nix>
|
services.tlp.settingsOptions passed to TLP. See https://linrunner.de/tlp for all supported options..
Type: attribute set of (boolean or signed integer or floating point number or string or list of string)
Default: { }
Example:
{
SATA_LINKPWR_ON_BAT = "med_power_with_dipm";
USB_BLACKLIST_PHONE = 1;
}Declared by:
<nixpkgs/nixos/modules/services/hardware/tlp.nix>
|
services.tmate-ssh-server.enableWhether to enable tmate ssh server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/tmate-ssh-server.nix>
|
services.tmate-ssh-server.packageThe package containing tmate-ssh-server
Type: package
Default: pkgs.tmate-ssh-server
Declared by:
<nixpkgs/nixos/modules/services/networking/tmate-ssh-server.nix>
|
services.tmate-ssh-server.advertisedPortExternal port advertised to clients
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/networking/tmate-ssh-server.nix>
|
services.tmate-ssh-server.hostExternal host name
Type: string
Default: config.networking.domain or config.networking.hostName
Declared by:
<nixpkgs/nixos/modules/services/networking/tmate-ssh-server.nix>
|
services.tmate-ssh-server.keysDirDirectory containing ssh keys, defaulting to auto-generation
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/tmate-ssh-server.nix>
|
services.tmate-ssh-server.openFirewallWhether to automatically open the specified ports in the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/tmate-ssh-server.nix>
|
services.tmate-ssh-server.portListen port for the ssh server
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2222
Declared by:
<nixpkgs/nixos/modules/services/networking/tmate-ssh-server.nix>
|
services.tomcat.enableWhether to enable Apache Tomcat.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.packageWhich tomcat package to use.
Type: package
Default: pkgs.tomcat9
Example: pkgs.tomcat9
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.axis2.enableWhether to enable an Apache Axis2 container
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.axis2.servicesList containing AAR files or directories with AAR files which are web services to be deployed on Axis2
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.baseDirLocation where Tomcat stores configuration files, web applications
and logfiles. Note that it is partially cleared on each service startup
if purifyOnStart is enabled.
Type: path
Default: "/var/tomcat"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.catalinaOptsParameters to pass to the Java Virtual Machine which spawns the Catalina servlet container
Type: (list of string) or string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.commonLibsList containing JAR files or directories with JAR files which are libraries shared by the web applications and the servlet container
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.extraConfigFilesExtra configuration files to pull into the tomcat conf directory
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.extraEnvironmentEnvironment Variables to pass to the tomcat service
Type: list of string
Default: [ ]
Example:
[ "ENVIRONMENT=production" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.extraGroupsDefines extra groups to which the tomcat user belongs.
Type: list of string
Default: [ ]
Example:
[ "users" ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.groupGroup account under which Apache Tomcat runs.
Type: string
Default: "tomcat"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.javaOptsParameters to pass to the Java Virtual Machine which spawns Apache Tomcat
Type: (list of string) or string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.jdkWhich JDK to use.
Type: package
Default: pkgs.jdk
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.logDirsDirectories to create in baseDir/logs/
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.logPerVirtualHostWhether to enable logging per virtual host.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.purifyOnStartOn startup, the baseDir directory is populated with various files,
subdirectories and symlinks. If this option is enabled, these items
(except for the logs and work subdirectories) are first removed.
This prevents interference from remainders of an old configuration
(libraries, webapps, etc.), so it's recommended to enable this option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.serverXmlVerbatim server.xml configuration. This is mutually exclusive with the virtualHosts options.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.sharedLibsList containing JAR files or directories with JAR files which are libraries shared by the web applications
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.userUser account under which Apache Tomcat runs.
Type: string
Default: "tomcat"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.virtualHostsList consisting of a virtual host name and a list of web applications to deploy on each virtual host
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.virtualHosts.*.aliasesaliases of the virtualhost
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.virtualHosts.*.namename of the virtualhost
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.virtualHosts.*.webappsList containing web application WAR files and/or directories containing web applications and configuration files for the virtual host.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tomcat.webappsList containing WAR files or directories with WAR files which are web applications to be deployed on Tomcat
Type: list of path
Default: [ config.services.tomcat.package.webapps ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/tomcat.nix>
|
services.tor.enableWhether to enable Tor daemon. By default, the daemon is run without relay, exit, bridge or client connectivity.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.enableGeoIPWhether to enable use of GeoIP databases. Disabling this will disable by-country statistics for bridges and relays and some client and third-party software functionality.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.packageTor package to use.
Type: package
Default: pkgs.tor
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.enableWhether to enable the routing of application connections. You might want to disable this if you plan running a dedicated Tor relay.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.dns.enableWhether to enable DNS resolver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.onionServicesSee torrc manual.
Type: attribute set of (submodule)
Default: { }
Example:
{
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx = {
clientAuthorizations = [
"/run/keys/tor/alice.prv.x25519"
];
};
}Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.onionServices.<name>.clientAuthorizationsClients' authorizations for a v3 onion service, as a list of files containing each one private key, in the format:
descriptor:x25519:<base32-private-key>
See torrc manual.
Type: list of path
Default: [ ]
Example:
[ "/run/keys/tor/alice.prv.x25519" ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.socksListenAddressBind to this address to listen for connections from Socks-speaking applications.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or (submodule)
Default:
{
IsolateDestAddr = true;
addr = "127.0.0.1";
port = 9050;
}Example:
{
IsolateDestAddr = true;
addr = "192.168.0.1";
port = 9090;
}Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.client.transparentProxy.enableWhether to enable transparent proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.controlSocket.enableWhether to enable control socket,
created in /run/tor/control.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.openFirewallWhether to enable opening of the relay port(s) in the firewall.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.enableWhether to enable relaying of Tor traffic for others.
See https://www.torproject.org/docs/tor-doc-relay for details.
Setting this to true requires setting
services.tor.relay.role
and
services.tor.settings.ORPort
options.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServicesSee torrc manual.
Type: attribute set of (submodule)
Default: { }
Example:
{
"example.org/www" = {
authorizedClients = [
"descriptor:x25519:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
];
map = [
80
];
};
}Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServices.<name>.authorizeClientSee torrc manual.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServices.<name>.authorizeClient.authTypeEither "basic" for a general-purpose authorization protocol
or "stealth" for a less scalable protocol
that also hides service activity from unauthorized clients.
Type: one of "basic", "stealth"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServices.<name>.authorizeClient.clientNamesOnly clients that are listed here are authorized to access the hidden service.
Generated authorization data can be found in /var/lib/tor/onion/$name/hostname.
Clients need to put this authorization data in their configuration file using
services.tor.settings.HidServAuth.
Type: non-empty (list of string matching the pattern [A-Za-z0-9+-_]+)
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServices.<name>.authorizedClientsAuthorized clients for a v3 onion service, as a list of public key, in the format:
descriptor:x25519:<base32-public-key>
See torrc manual.
Type: list of string
Default: [ ]
Example:
[ "descriptor:x25519:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServices.<name>.mapSee torrc manual.
Type: list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or (submodule))
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServices.<name>.pathPath where to store the data files of the hidden service.
If the secretKey is null
this defaults to /var/lib/tor/onion/$onion,
otherwise to /run/tor/onion/$onion.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServices.<name>.secretKeySecret key of the onion service.
If null, Tor reuses any preexisting secret key (in path)
or generates a new one.
The associated public key and hostname are deterministically regenerated
from this file if they do not exist.
Type: null or path
Default: null
Example: "/run/keys/tor/onion/expyuzz4wqqyqhjn/hs_ed25519_secret_key"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServices.<name>.settingsSettings of the onion service. See torrc manual.
Type: settings option
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServices.<name>.settings.HiddenServiceAllowUnknownPortsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServices.<name>.settings.HiddenServiceDirGroupReadableSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServices.<name>.settings.HiddenServiceExportCircuitIDSee torrc manual.
Type: null or value "haproxy" (singular enum)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreamsSee torrc manual.
Type: null or integer between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServices.<name>.settings.HiddenServiceMaxStreamsCloseCircuitSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServices.<name>.settings.HiddenServiceNumIntroductionPointsSee torrc manual.
Type: null or integer between 0 and 20 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServices.<name>.settings.HiddenServiceSingleHopModeSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServices.<name>.settings.RendPostPeriodSee torrc manual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.onionServices.<name>.versionSee torrc manual.
Type: null or one of 2, 3
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.relay.roleYour role in Tor network. There're several options:
exit:
An exit relay. This allows Tor users to access regular
Internet services through your public IP.
You can specify which services Tor users may access via
your exit relay using settings.ExitPolicy option.
relay:
Regular relay. This allows Tor users to relay onion
traffic to other Tor nodes, but not to public
Internet.
See
https://www.torproject.org/docs/tor-doc-relay.html.en
for more info.
bridge:
Regular bridge. Works like a regular relay, but
doesn't list you in the public relay directory and
hides your Tor node behind obfs4proxy.
Using this option will make Tor advertise your bridge
to users through various mechanisms like
https://bridges.torproject.org/, though.
See https://www.torproject.org/docs/bridges.html.en
for more info.
private-bridge:
Private bridge. Works like regular bridge, but does
not advertise your node in any way.
Using this role means that you won't contribute to Tor
network in any way unless you advertise your node
yourself in some way.
Use this if you want to run a private bridge, for
example because you'll give out your bridge addr
manually to your friends.
Switching to this role after measurable time in
"bridge" role is pretty useless as some Tor users
would have learned about your node already. In the
latter case you can still change
port option.
See https://www.torproject.org/docs/bridges.html.en
for more info.
Running an exit relay may expose you to abuse complaints. See https://www.torproject.org/faq.html.en#ExitPolicies for more info.
Note that some misconfigured and/or disrespectful towards privacy sites will block you even if your relay is not an exit relay. That is, just being listed in a public relay directory can have unwanted consequences. Which means you might not want to use this role if you browse public Internet from the same network as your relay, unless you want to write e-mails to those sites (you should!).
WARNING: THE FOLLOWING PARAGRAPH IS NOT LEGAL ADVICE.
Consult with your lawyer when in doubt.
The bridge role should be safe to use in most situations
(unless the act of forwarding traffic for others is
a punishable offence under your local laws, which
would be pretty insane as it would make ISP illegal).
Type: one of "exit", "relay", "bridge", "private-bridge"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settingsSee torrc manual for documentation.
Type: settings option
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.AccountingMaxSee torrc manual.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.AccountingStartSee torrc manual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.AddressSee torrc manual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.AssumeReachableSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.AuthDirHasIPv6ConnectivitySee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.AuthDirListBadExitsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.AuthDirPinKeysSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.AuthDirSharedRandomnessSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.AuthDirTestEd25519LinkKeysSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.AuthoritativeDirectorySee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.AutomapHostsOnResolveSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.AutomapHostsSuffixesSee torrc manual.
Type: list of string
Default:
[ ".onion" ".exit" ]
Example:
[ ".onion" ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.BandwidthBurstSee torrc manual.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.BandwidthRateSee torrc manual.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.BridgeAuthoritativeDirSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.BridgeRecordUsageByCountrySee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.BridgeRelaySee torrc manual.
Type: null or boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.CacheDirectorySee torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.CacheDirectoryGroupReadableSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.CellStatisticsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ClientAutoIPv6ORPortSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ClientDNSRejectInternalAddressesSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ClientOnionAuthDirSee torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ClientPreferIPv6DirPortSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ClientPreferIPv6ORPortSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ClientRejectInternalAddressesSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ClientUseIPv4See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ClientUseIPv6See torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ConnDirectionStatisticsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ConstrainedSocketsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ContactInfoSee torrc manual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ControlPortSee torrc manual.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule))
Default: [ ]
Example:
[
{
port = 9051;
}
]Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ControlPortFileGroupReadableSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ControlPortWriteToFileSee torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ControlSocketSee torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ControlSocketsGroupWritableSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.CookieAuthFileSee torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.CookieAuthFileGroupReadableSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.CookieAuthenticationSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DNSPortSee torrc manual.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule))
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DataDirectorySee torrc manual.
Type: null or path
Default: "/var/lib/tor"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DataDirectoryGroupReadableSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DirAllowPrivateAddressesSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DirCacheSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DirPolicySee torrc manual.
Type: list of string
Default: [ ]
Example:
[ "accept *:*" ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DirPortSee torrc manual.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule))
Default: [ ]
Example: 443
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DirPortFrontPageSee torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DirReqStatisticsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DisableAllSwapSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DisableDebuggerAttachmentSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DisableNetworkSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DisableOOSCheckSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DoSCircuitCreationEnabledSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DoSConnectionEnabledSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DoSRefuseSingleHopClientRendezvousSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DormantCanceledByStartupSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DormantOnFirstStartupSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DormantTimeoutDisabledByIdleStreamsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.DownloadExtraInfoSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.EnforceDistinctSubnetsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.EntryStatisticsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ExitPolicySee torrc manual.
Type: list of string
Default:
[ "reject *:*" ]
Example:
[ "accept *:*" ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ExitPolicyRejectLocalInterfacesSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ExitPolicyRejectPrivateSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ExitPortStatisticsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ExitRelaySee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ExtORPortSee torrc manual.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ExtORPortCookieAuthFileSee torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ExtORPortCookieAuthFileGroupReadableSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ExtendAllowPrivateAddressesSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ExtraInfoStatisticsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.FascistFirewallSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.FetchDirInfoEarlySee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.FetchDirInfoExtraEarlySee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.FetchHidServDescriptorsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.FetchServerDescriptorsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.FetchUselessDescriptorsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.GeoIPFileSee torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.GeoIPv6FileSee torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.GuardfractionFileSee torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.HSLayer2NodesSee torrc manual.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.HSLayer3NodesSee torrc manual.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.HTTPTunnelPortSee torrc manual.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule))
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.HidServAuthSee torrc manual.
Type: list of (submodule)
Default: [ ]
Example:
[
{
auth = "xxxxxxxxxxxxxxxxxxxxxx";
onion = "xxxxxxxxxxxxxxxx.onion";
}
]Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.HidServAuth.*.authAuthentication cookie.
Type: string matching the pattern [A-Za-z0-9+/]{22}
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.HidServAuth.*.onionOnion address.
Type: string matching the pattern [a-z2-7]{16}\.onion
Example: "xxxxxxxxxxxxxxxx.onion"
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.HiddenServiceNonAnonymousModeSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.HiddenServiceStatisticsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.IPv6ExitSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.KeyDirectorySee torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.KeyDirectoryGroupReadableSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.LogMessageDomainsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.LongLivedPortsSee torrc manual.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.MainloopStatsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.MaxAdvertisedBandwidthSee torrc manual.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.MaxCircuitDirtinessSee torrc manual.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.MaxClientCircuitsPendingSee torrc manual.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.NATDPortSee torrc manual.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule))
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.NewCircuitPeriodSee torrc manual.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.NicknameSee torrc manual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ORPortSee torrc manual.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule))
Default: [ ]
Example: 443
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.OfflineMasterKeySee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.OptimisticDataSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.PaddingStatisticsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.PerConnBWBurstSee torrc manual.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.PerConnBWRateSee torrc manual.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.PidFileSee torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ProtocolWarningsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.PublishHidServDescriptorsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.PublishServerDescriptorSee torrc manual.
Type: null or one of false, true, 0, 1, "0", "1", "v3", "bridge"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ReachableAddressesSee torrc manual.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ReachableDirAddressesSee torrc manual.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ReachableORAddressesSee torrc manual.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ReducedExitPolicySee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.RefuseUnknownExitsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.RejectPlaintextPortsSee torrc manual.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.RelayBandwidthBurstSee torrc manual.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.RelayBandwidthRateSee torrc manual.
Type: null or signed integer or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.SOCKSPortSee torrc manual.
Type: list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or (submodule))
Default:
if config.services.tor.settings.HiddenServiceNonAnonymousMode == true
then [ { port = 0; } ]
else [ ]
Example:
[
{
port = 9090;
}
]Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.SandboxSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ServerDNSAllowBrokenConfigSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ServerDNSAllowNonRFC953HostnamesSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ServerDNSDetectHijackingSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ServerDNSRandomizeCaseSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ServerDNSResolvConfFileSee torrc manual.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ServerDNSSearchDomainsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ServerTransportPluginSee torrc manual.
Type: null or (submodule)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ServerTransportPlugin.execCommand of pluggable transport.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ServerTransportPlugin.transportsList of pluggable transports.
Type: list of string
Example:
[ "obfs2" "obfs3" "obfs4" "scramblesuit" ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.ShutdownWaitLengthSee torrc manual.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.SocksPolicySee torrc manual.
Type: list of string
Default: [ ]
Example:
[ "accept *:*" ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.TestingTorNetworkSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.TransPortSee torrc manual.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule) or list of (16 bit unsigned integer; between 0 and 65535 (both inclusive) or value "auto" (singular enum) or (submodule))
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.TransProxyTypeSee torrc manual.
Type: null or one of "default", "TPROXY", "ipfw", "pf-divert"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.UnixSocksGroupWritableSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.UseDefaultFallbackDirsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.UseMicrodescriptorsSee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.V3AuthUseLegacyKeySee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.V3AuthoritativeDirectorySee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.VersioningAuthoritativeDirectorySee torrc manual.
Type: null or boolean
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.VirtualAddrNetworkIPv4See torrc manual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.VirtualAddrNetworkIPv6See torrc manual.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.settings.WarnPlaintextPortsSee torrc manual.
Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/tor.nix>
|
services.tor.torsocks.enableWhether to build /etc/tor/torsocks.conf
containing the specified global torsocks configuration.
Type: boolean
Default: config.services.tor.enable && config.services.tor.client.enable
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.tor.torsocks.allowInboundSet Torsocks to accept inbound connections. If set to
true, listen() and accept() will be
allowed to be used with non localhost address.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.tor.torsocks.fasterServerIP/Port of the Tor SOCKS server for torsocks-faster wrapper suitable for HTTP. Currently, hostnames are NOT supported by torsocks.
Type: string
Default: "127.0.0.1:9063"
Example: "192.168.0.20:1234"
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.tor.torsocks.onionAddrRangeTor hidden sites do not have real IP addresses. This specifies what range of IP addresses will be handed to the application as "cookies" for .onion names. Of course, you should pick a block of addresses which you aren't going to ever need to actually connect to. This is similar to the MapAddress feature of the main tor daemon.
Type: string
Default: "127.42.42.0/24"
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.tor.torsocks.serverIP/Port of the Tor SOCKS server. Currently, hostnames are NOT supported by torsocks.
Type: string
Default: "127.0.0.1:9050"
Example: "192.168.0.20:1234"
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.tor.torsocks.socks5PasswordSOCKS5 password. The TORSOCKS_PASSWORD
environment variable overrides this option if it is set.
Type: null or string
Default: null
Example: "sekret"
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.tor.torsocks.socks5UsernameSOCKS5 username. The TORSOCKS_USERNAME
environment variable overrides this option if it is set.
Type: null or string
Default: null
Example: "bob"
Declared by:
<nixpkgs/nixos/modules/services/security/torsocks.nix>
|
services.tor.tsocks.enableWhether to build tsocks wrapper script to relay application traffic via Tor.
You shouldn't use this unless you know what you're
doing because your installation of Tor already comes with
its own superior (doesn't leak DNS queries)
torsocks wrapper which does pretty much
exactly the same thing as this.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/torify.nix>
|
services.tor.tsocks.configExtra configuration. Contents will be added verbatim to TSocks configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/security/torify.nix>
|
services.tor.tsocks.serverIP address of TOR client to use.
Type: string
Default: "localhost:9050"
Example: "192.168.0.20"
Declared by:
<nixpkgs/nixos/modules/services/security/torify.nix>
|
services.torque.mom.enableWhether to enable torque computing node.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/computing/torque/mom.nix>
|
services.torque.mom.serverNodeHostname running pbs server.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/computing/torque/mom.nix>
|
services.torque.server.enableWhether to enable torque server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/computing/torque/server.nix>
|
services.touchegg.enableWhether to enable touchegg, a multi-touch gesture recognizer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/touchegg.nix>
|
services.touchegg.packagetouchegg derivation to use.
Type: package
Default: pkgs.touchegg
Declared by:
<nixpkgs/nixos/modules/services/x11/touchegg.nix>
|
services.tox-node.enableWhether to enable Tox Node service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
|
services.tox-node.keysFilePath to the file where DHT keys are stored.
Type: string
Default: "/var/lib/tox-node/keys"
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
|
services.tox-node.lanDiscoveryEnable local network discovery.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
|
services.tox-node.logTypeLogging implementation.
Type: one of "Stderr", "Stdout", "Syslog", "None"
Default: "Stderr"
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
|
services.tox-node.motdMessage of the day
Type: string
Default: "Hi from tox-rs! I'm up {{uptime}}. TCP: incoming {{tcp_packets_in}}, outgoing {{tcp_packets_out}}, UDP: incoming {{udp_packets_in}}, outgoing {{udp_packets_out}}"
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
|
services.tox-node.tcpAddressesTCP addresses to run TCP relay.
Type: list of string
Default:
[ "0.0.0.0:33445" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
|
services.tox-node.tcpConnectionLimitMaximum number of active TCP connections relay can hold
Type: signed integer
Default: 8192
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
|
services.tox-node.threadsNumber of threads for execution
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
|
services.tox-node.udpAddressUDP address to run DHT node.
Type: string
Default: "0.0.0.0:33445"
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-node.nix>
|
services.toxBootstrapd.enableWhether to enable the Tox DHT bootstrap daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix>
|
services.toxBootstrapd.extraConfigConfiguration for bootstrap daemon. See https://github.com/irungentoo/toxcore/blob/master/other/bootstrap_daemon/tox-bootstrapd.conf and http://wiki.tox.im/Nodes.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix>
|
services.toxBootstrapd.keysFileNode key file.
Type: string
Default: "/var/lib/tox-bootstrapd/keys"
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix>
|
services.toxBootstrapd.portListening port (UDP).
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 33445
Declared by:
<nixpkgs/nixos/modules/services/networking/tox-bootstrapd.nix>
|
services.toxvpn.enableWhether to enable toxvpn running on startup.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/toxvpn.nix>
|
services.toxvpn.auto_add_peerspeers to automatically connect to on startup
Type: list of string
Default: [ ]
Example:
[ "toxid1" "toxid2" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/toxvpn.nix>
|
services.toxvpn.localipyour ip on the vpn
Type: string
Default: "10.123.123.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/toxvpn.nix>
|
services.toxvpn.portudp port for toxcore, port-forward to help with connectivity if you run many nodes behind one NAT
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 33445
Declared by:
<nixpkgs/nixos/modules/services/networking/toxvpn.nix>
|
services.tp-auto-kbbl.enableWhether to enable Auto toggle keyboard back-lighting on Thinkpads (and maybe other laptops) for Linux.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/tp-auto-kbbl.nix>
|
services.tp-auto-kbbl.packagePackage providing tp-auto-kbbl.
Type: package
Default: pkgs.tp-auto-kbbl
Declared by:
<nixpkgs/nixos/modules/services/misc/tp-auto-kbbl.nix>
|
services.tp-auto-kbbl.argumentsList of arguments appended to ./tp-auto-kbbl --device [device] [arguments]
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/tp-auto-kbbl.nix>
|
services.tp-auto-kbbl.deviceDevice watched for activities.
Type: string
Default: "/dev/input/event0"
Declared by:
<nixpkgs/nixos/modules/services/misc/tp-auto-kbbl.nix>
|
services.traefik.enableWhether to enable Traefik web server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
|
services.traefik.packageTraefik package to use.
Type: package
Default: pkgs.traefik
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
|
services.traefik.dataDirLocation for any persistent data traefik creates, ie. acme
Type: path
Default: "/var/lib/traefik"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
|
services.traefik.dynamicConfigFilePath to traefik's dynamic configuration to use.
(Using that option has precedence over dynamicConfigOptions)
Type: null or path
Default: null
Example: /path/to/dynamic_config.toml
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
|
services.traefik.dynamicConfigOptionsDynamic configuration for Traefik.
Type: JSON value
Default: { }
Example:
{
http = {
routers = {
router1 = {
rule = "Host(`localhost`)";
service = "service1";
};
};
services = {
service1 = {
loadBalancer = {
servers = [
{
url = "http://localhost:8080";
}
];
};
};
};
};
}Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
|
services.traefik.groupSet the group that traefik runs under.
For the docker backend this needs to be set to docker instead.
Type: string
Default: "traefik"
Example: "docker"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
|
services.traefik.staticConfigFilePath to traefik's static configuration to use.
(Using that option has precedence over staticConfigOptions and dynamicConfigOptions)
Type: null or path
Default: null
Example: /path/to/static_config.toml
Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
|
services.traefik.staticConfigOptionsStatic configuration for Traefik.
Type: JSON value
Default:
{
entryPoints = {
http = {
address = ":80";
};
};
}Example:
{
api = { };
entryPoints = {
http = {
address = ":80";
};
web = {
address = ":8080";
};
};
}Declared by:
<nixpkgs/nixos/modules/services/web-servers/traefik.nix>
|
services.trafficserver.enableWhether to enable Apache Traffic Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
|
services.trafficserver.cacheCaching rules that overrule the origin's caching policy.
Consult the upstream documentation for more details.
Type: strings concatenated with "\n"
Default: ""
Example: "dest_domain=example.com suffix=js action=never-cache"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
|
services.trafficserver.hostingPartition the cache according to origin server or domain
Consult the upstream documentation for more details.
Type: strings concatenated with "\n"
Default: ""
Example: "domain=example.com volume=1"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
|
services.trafficserver.ipAllowControl client access to Traffic Server and Traffic Server connections to upstream servers.
Consult the upstream documentation for more details.
Type: null or YAML value
Default: upstream defaults
Example:
{
ip_allow = [{
apply = "in";
ip_addrs = "127.0.0.1";
action = "allow";
methods = "ALL";
}];
}
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
|
services.trafficserver.loggingConfigure logs.
Consult the upstream documentation for more details.
Type: null or YAML value
Default: upstream defaults
Example: { }
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
|
services.trafficserver.parentIdentify the parent proxies used in an cache hierarchy.
Consult the upstream documentation for more details.
Type: strings concatenated with "\n"
Default: ""
Example:
'' dest_domain=. method=get parent="p1.example:8080; p2.example:8080" round_robin=true ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
|
services.trafficserver.pluginsControls run-time loadable plugins available to Traffic Server, as well as their configuration.
Consult the upstream documentation for more details.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
|
services.trafficserver.plugins.*.argarguments to pass to the plugin
Type: string
Default: ""
Example: "--header=ATS-My-Debug"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
|
services.trafficserver.plugins.*.pathPath to plugin. The path can either be absolute, or relative to the plugin directory.
Type: string
Example: "xdebug.so"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
|
services.trafficserver.recordsList of configurable variables used by Traffic Server.
Consult the upstream documentation for more details.
Type: Traffic Server records value
Default: { }
Example:
{
proxy = {
config = {
proxy_name = "my_server";
};
};
}Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
|
services.trafficserver.remapURL remapping rules used by Traffic Server.
Consult the upstream documentation for more details.
Type: strings concatenated with "\n"
Default: ""
Example: "map http://from.example http://origin.example"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
|
services.trafficserver.sniConfigure aspects of TLS connection handling for both inbound and outbound connections.
Consult the upstream documentation for more details.
Type: null or YAML value
Default: null
Example:
{
sni = [{
fqdn = "no-http2.example.com";
https = "off";
}];
}
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
|
services.trafficserver.splitDnsSpecify the DNS server that Traffic Server should use under specific conditions.
Consult the upstream documentation for more details.
Type: strings concatenated with "\n"
Default: ""
Example:
'' dest_domain=internal.corp.example named="255.255.255.255:212 255.255.255.254" def_domain=corp.example search_list="corp.example corp1.example" dest_domain=!internal.corp.example named=255.255.255.253 ''
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
|
services.trafficserver.sslMulticertConfigure SSL server certificates to terminate the SSL sessions.
Consult the upstream documentation for more details.
Type: strings concatenated with "\n"
Default: ""
Example: "dest_ip=* ssl_cert_name=default.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
|
services.trafficserver.storageList all the storage that make up the Traffic Server cache.
Consult the upstream documentation for more details.
Type: strings concatenated with "\n"
Default: "/var/cache/trafficserver 256M"
Example: "/dev/disk/by-id/XXXXX volume=1"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
|
services.trafficserver.strategiesSpecify the next hop proxies used in an cache hierarchy and the algorithms used to select the next proxy.
Consult the upstream documentation for more details.
Type: null or YAML value
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
|
services.trafficserver.volumeManage cache space more efficiently and restrict disk usage by creating cache volumes of different sizes.
Consult the upstream documentation for more details.
Type: null or YAML value
Default: ""
Example: "volume=1 scheme=http size=20%"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/trafficserver/default.nix>
|
services.transmission.enableWhether to enable the headless Transmission BitTorrent daemon.
Transmission daemon can be controlled via the RPC interface using transmission-remote, the WebUI (http://127.0.0.1:9091/ by default), or other clients like stig or tremc.
Torrents are downloaded to services.transmission.home/Downloads by default and are
accessible to users in the "transmission" group.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.packageThe transmission package to use.
Type: package
Default: pkgs.transmission
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.credentialsFilePath to a JSON file to be merged with the settings.
Useful to merge a file which is better kept out of the Nix store
to set secret config parameters like rpc-password.
Type: path
Default: "/dev/null"
Example: "/var/lib/secrets/transmission/settings.json"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.downloadDirPermissionsIf not null, is used as the permissions
set by systemd.activationScripts.transmission-daemon
on the directories services.transmission.settings.download-dir,
services.transmission.settings.incomplete-dir.
and services.transmission.settings.watch-dir.
Note that you may also want to change
services.transmission.settings.umask.
Type: null or string
Default: null
Example: "770"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.extraFlagsExtra flags passed to the transmission command in the service definition.
Type: list of string
Default: [ ]
Example:
[ "--log-debug" ]
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.groupGroup account under which Transmission runs.
Type: string
Default: "transmission"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.homeThe directory where Transmission will create .config/transmission-daemon.
as well as Downloads/ unless
services.transmission.settings.download-dir is changed,
and .incomplete/ unless
services.transmission.settings.incomplete-dir is changed.
Type: path
Default: "/var/lib/transmission"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.openFirewallAlias of services.transmission.openPeerPorts.
Type: boolean
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.openPeerPortsWhether to enable opening of the peer port(s) in the firewall.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.openRPCPortWhether to enable opening of the RPC port in the firewall.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.performanceNetParametersWhether to enable tweaking of kernel parameters to open many more connections at the same time.
Note that you may also want to increase
peer-limit-global.
And be aware that these settings are quite aggressive
and might not suite your regular desktop use.
For instance, SSH sessions may time out more easily.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settingsSettings whose options overwrite fields in
.config/transmission-daemon/settings.json
(each time the service starts).
See Transmission's Wiki for documentation of settings not explicitly covered by this module.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings.download-dirDirectory where to download torrents.
Type: path
Default: "${config.services.transmission.home}/Downloads"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings.incomplete-dirWhen enabled with
services.transmission.home
services.transmission.settings.incomplete-dir-enabled,
new torrents will download the files to this directory.
When complete, the files will be moved to download-dir
services.transmission.settings.download-dir.
Type: path
Default: "${config.services.transmission.home}/.incomplete"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings.incomplete-dir-enabled
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings.message-levelSet verbosity of transmission messages.
Type: integer between 0 and 3 (both inclusive)
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings.peer-portThe peer port to listen for incoming connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 51413
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings.peer-port-random-highThe maximum peer port to listen to for incoming connections
when services.transmission.settings.peer-port-random-on-start is enabled.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 65535
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings.peer-port-random-lowThe minimal peer port to listen to for incoming connections
when services.transmission.settings.peer-port-random-on-start is enabled.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 65535
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings.peer-port-random-on-startRandomize the peer port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings.rpc-bind-addressWhere to listen for RPC connections.
Use 0.0.0.0 to listen on all interfaces.
Type: string
Default: "127.0.0.1"
Example: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings.rpc-portThe RPC port to listen to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9091
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings.script-torrent-done-enabledWhether to run
services.transmission.settings.script-torrent-done-filename
at torrent completion.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings.script-torrent-done-filenameExecutable to be run at torrent completion.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings.trash-original-torrent-filesWhether to delete torrents added from the
services.transmission.settings.watch-dir.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings.umaskSets transmission's file mode creation mask. See the umask(2) manpage for more information. Users who want their saved torrents to be world-writable may want to set this value to 0. Bear in mind that the json markup language only accepts numbers in base 10, so the standard umask(2) octal notation "022" is written in settings.json as 18.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings.utp-enabledWhether to enable Micro Transport Protocol (µTP).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings.watch-dirWatch a directory for torrent files and add them to transmission.
Type: path
Default: "${config.services.transmission.home}/watchdir"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.settings.watch-dir-enabledWhether to enable the
services.transmission.settings.watch-dir.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.transmission.userUser account under which Transmission runs.
Type: string
Default: "transmission"
Declared by:
<nixpkgs/nixos/modules/services/torrent/transmission.nix>
|
services.tremor-rs.enableWhether to enable Tremor event- or stream-processing system.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/tremor-rs.nix>
|
services.tremor-rs.hostThe host tremor should be listening on
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/tremor-rs.nix>
|
services.tremor-rs.loggerSettingsTremor logger configuration
Type: YAML value
Default:
{
refresh_rate = "30 seconds";
appenders.stdout.kind = "console";
root = {
level = "warn";
appenders = [ "stdout" ];
};
loggers = {
tremor_runtime = {
level = "debug";
appenders = [ "stdout" ];
additive = false;
};
tremor = {
level = "debug";
appenders = [ "stdout" ];
additive = false;
};
};
}
Example:
{
appenders = {
stdout = {
kind = "console";
};
};
loggers = {
tremor = {
additive = false;
appenders = [
"stdout"
];
level = "debug";
};
tremor_runtime = {
additive = false;
appenders = [
"stdout"
];
level = "debug";
};
};
refresh_rate = "30 seconds";
root = {
appenders = [
"stdout"
];
level = "warn";
};
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/tremor-rs.nix>
|
services.tremor-rs.portthe port tremor should be listening on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9898
Declared by:
<nixpkgs/nixos/modules/services/monitoring/tremor-rs.nix>
|
services.tremor-rs.tremorLibDirDirectory where to find /lib containing tremor script files
Type: path
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/tremor-rs.nix>
|
services.tremor-rs.troyFileListList of troy files to load.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/tremor-rs.nix>
|
services.trezord.enableEnable Trezor bridge daemon, for use with Trezor hardware bitcoin wallets.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/trezord.nix>
|
services.trezord.emulator.enableEnable Trezor emulator support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/trezord.nix>
|
services.trezord.emulator.portListening port for the Trezor emulator.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 21324
Declared by:
<nixpkgs/nixos/modules/services/hardware/trezord.nix>
|
services.trickster.enableEnable Trickster.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
|
services.trickster.packagePackage that should be used for trickster.
Type: package
Default: pkgs.trickster
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
|
services.trickster.configFilePath to configuration file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
|
services.trickster.instance-idInstance ID for when running multiple processes (default null).
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
|
services.trickster.log-levelLevel of Logging to use (debug, info, warn, error) (default "info").
Type: string
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
|
services.trickster.metrics-portPort that the /metrics endpoint will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8082
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
|
services.trickster.origin-typeType of origin (prometheus, influxdb)
Type: one of "prometheus", "influxdb"
Default: "prometheus"
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
|
services.trickster.origin-urlURL to the Origin. Enter it like you would in grafana, e.g., http://prometheus:9090 (default http://prometheus:9090).
Type: string
Default: "http://prometheus:9090"
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
|
services.trickster.profiler-portPort that the /debug/pprof endpoint will listen on.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
|
services.trickster.proxy-portPort that the Proxy server will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9090
Declared by:
<nixpkgs/nixos/modules/services/networking/trickster.nix>
|
services.triggerhappy.enableWhether to enable the triggerhappy hotkey daemon.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/triggerhappy.nix>
|
services.triggerhappy.bindingsKey bindings for triggerhappy.
Type: list of (submodule)
Default: [ ]
Example:
[ { keys = ["PLAYPAUSE"]; cmd = "${pkgs.mpc-cli}/bin/mpc -q toggle"; } ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/triggerhappy.nix>
|
services.triggerhappy.bindings.*.cmdWhat to run.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/hardware/triggerhappy.nix>
|
services.triggerhappy.bindings.*.eventEvent to match.
Type: one of "press", "hold", "release"
Default: "press"
Declared by:
<nixpkgs/nixos/modules/services/hardware/triggerhappy.nix>
|
services.triggerhappy.bindings.*.keysList of keys to match. Key names as defined in linux/input-event-codes.h
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/hardware/triggerhappy.nix>
|
services.triggerhappy.extraConfigLiteral contents to append to the end of triggerhappy configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/hardware/triggerhappy.nix>
|
services.triggerhappy.userUser account under which triggerhappy runs.
Type: string
Default: "nobody"
Example: "root"
Declared by:
<nixpkgs/nixos/modules/services/hardware/triggerhappy.nix>
|
services.trilium-server.enableWhether to enable trilium-server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
|
services.trilium-server.dataDirThe directory storing the notes database and the configuration.
Type: string
Default: "/var/lib/trilium"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
|
services.trilium-server.hostThe host address to bind to (defaults to localhost).
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
|
services.trilium-server.instanceNameInstance name used to distinguish between different instances
Type: string
Default: "Trilium"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
|
services.trilium-server.nginxConfiguration for nginx reverse proxy.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
|
services.trilium-server.nginx.enableConfigure the nginx reverse proxy settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
|
services.trilium-server.nginx.hostNameThe hostname use to setup the virtualhost configuration
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
|
services.trilium-server.noAuthenticationIf set to true, no password is required to access the web frontend.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
|
services.trilium-server.noBackupDisable periodic database backups.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
|
services.trilium-server.portThe port number to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/trilium.nix>
|
services.tsmBackup.enableWhether to enable automatic backups with the
IBM Spectrum Protect (Tivoli Storage Manager, TSM) client.
This also enables
programs.tsmClient.enable
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/tsm.nix>
|
services.tsmBackup.autoTimeThe backup service will be invoked
automatically at the given date/time,
which must be in the format described in
systemd.time(5).
The default null
disables automatic backups.
Type: null or non-empty string
Default: null
Example: "12:00"
Declared by:
<nixpkgs/nixos/modules/services/backup/tsm.nix>
|
services.tsmBackup.commandThe actual command passed to the
dsmc executable to start the backup.
Type: non-empty string
Default: "backup"
Example: "incr"
Declared by:
<nixpkgs/nixos/modules/services/backup/tsm.nix>
|
services.tsmBackup.servernameCreate a systemd system service
tsm-backup.service that starts
a backup based on the given servername's stanza.
Note that this server's
passwdDir will default to
/var/lib/tsm-backup/password
(but may be overridden);
also, the service will use
/var/lib/tsm-backup as
HOME when calling
dsmc.
Type: non-empty string
Example: "mainTsmServer"
Declared by:
<nixpkgs/nixos/modules/services/backup/tsm.nix>
|
services.tt-rss.enableWhether to enable tt-rss.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.enableGZipOutputSelectively gzip output to improve wire performance. This requires PHP Zlib extension on the server. Enabling this can break tt-rss in several httpd/php configurations, if you experience weird errors and tt-rss failing to start, blank pages after login, or content encoding errors, disable it.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.auth.autoCreateAllow authentication modules to auto-create users in tt-rss internal database when authenticated successfully.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.auth.autoLoginAutomatically login user on remote or other kind of externally supplied authentication, otherwise redirect to login form as normal. If set to true, users won't be able to set application language and settings profile.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.database.createLocallyCreate the database and database user locally.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.database.hostHost of the database. Leave null to use Unix domain socket.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.database.nameName of the existing database.
Type: string
Default: "tt_rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.database.passwordThe database user's password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.database.passwordFileThe database user's password.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.database.portThe database's port. If not set, the default ports will be provided (5432 and 3306 for pgsql and mysql respectively).
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.database.typeDatabase to store feeds. Supported are pgsql and mysql.
Type: one of "pgsql", "mysql"
Default: "pgsql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.database.userThe database user. The user must exist and has access to the specified database.
Type: string
Default: "tt_rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.email.digestSubjectSubject line for email digests.
Type: string
Default: "[tt-rss] New headlines for last 24 hours"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.email.fromAddressAddress for sending outgoing mail. This applies to password reset notifications, digest emails and any other mail.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.email.fromNameName for sending outgoing mail. This applies to password reset notifications, digest emails and any other mail.
Type: string
Default: "Tiny Tiny RSS"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.email.loginSMTP authentication login used when sending outgoing mail.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.email.passwordSMTP authentication password used when sending outgoing mail.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.email.securityUsed to select a secure SMTP connection. Allowed values: ssl, tls, or empty.
Type: one of "", "ssl", "tls"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.email.serverHostname:port combination to send outgoing mail. Blank - use system MTA.
Type: string
Default: ""
Example: "localhost:25"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.extraConfigAdditional lines to append to config.php.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.feedCryptKeyKey used for encryption of passwords for password-protected feeds in the database. A string of 24 random characters. If left blank, encryption is not used. Requires mcrypt functions. Warning: changing this key will make your stored feed passwords impossible to decrypt.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.forceArticlePurgeWhen this option is not 0, users ability to control feed purging intervals is disabled and all articles (which are not starred) older than this amount of days are purged.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.logDestinationLog destination to use. Possible values: sql (uses internal logging you can read in Preferences -> System), syslog - logs to system log. Setting this to blank uses PHP logging (usually to http server error.log).
Type: one of "", "sql", "syslog"
Default: "sql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.pluginPackagesList of plugins to install. The list elements are expected to
be derivations. All elements in this derivation are automatically
copied to the plugins.local directory.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.pluginsList of plugins to load automatically for all users. System plugins have to be specified here. Please enable at least one authentication plugin here (auth_*). Users may enable other user plugins from Preferences/Plugins but may not disable plugins specified in this list. Disabling auth_internal in this list would automatically disable reset password link on the login form.
Type: list of string
Default:
[ "auth_internal" "note" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.poolName of existing phpfpm pool that is used to run web-application. If not specified a pool will be created automatically with default values.
Type: string
Default: "tt-rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.pubSubHubbub.enableEnable client PubSubHubbub support in tt-rss. When disabled, tt-rss won't try to subscribe to PUSH feed updates.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.pubSubHubbub.hubURL to a PubSubHubbub-compatible hub server. If defined, "Published articles" generated feed would automatically become PUSH-enabled.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.registration.enableAllow users to register themselves. Please be aware that allowing random people to access your tt-rss installation is a security risk and potentially might lead to data loss or server exploit. Disabled by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.registration.maxUsersMaximum amount of users which will be allowed to register on this system. 0 - no limit.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.registration.notifyAddressEmail address to send new user notifications to.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.rootRoot of the application.
Type: path
Default: "/var/lib/tt-rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.selfUrlPathFull URL of your tt-rss installation. This should be set to the location of tt-rss directory, e.g. http://example.org/tt-rss/ You need to set this option correctly otherwise several features including PUSH, bookmarklets and browser integration will not work properly.
Type: string
Example: "http://localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.sessionCookieLifetimeDefault lifetime of a session (e.g. login) cookie. In seconds, 0 means cookie will be deleted when browser closes.
Type: signed integer
Default: 86400
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.simpleUpdateModeEnables fallback update mode where tt-rss tries to update feeds in background while tt-rss is open in your browser. If you don't have a lot of feeds and don't want to or can't run background processes while not running tt-rss, this method is generally viable to keep your feeds up to date. Still, there are more robust (and recommended) updating methods available, you can read about them here: http://tt-rss.org/wiki/UpdatingFeeds
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.singleUserModeOperate in single user mode, disables all functionality related to multiple users and authentication. Enabling this assumes you have your tt-rss directory protected by other means (e.g. http auth).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.sphinx.indexIndex names in Sphinx configuration. Example configuration files are available on tt-rss wiki.
Type: list of string
Default:
[ "ttrss" "delta" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.sphinx.serverHostname:port combination for the Sphinx server.
Type: string
Default: "localhost:9312"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.themePackagesList of themes to install. The list elements are expected to
be derivations. All elements in this derivation are automatically
copied to the themes.local directory.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.userUser account under which both the update daemon and the web-application run.
Type: string
Default: "tt_rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.tt-rss.virtualHostName of the nginx virtualhost to use and setup. If null, do not setup any virtualhost.
Type: null or string
Default: "tt-rss"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/tt-rss.nix>
|
services.ttyd.enableWhether to enable ttyd daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.ttyd.enableIPv6Whether or not to enable IPv6 support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.ttyd.enableSSLWhether or not to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.ttyd.caFileSSL CA file path for client certificate verification.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.ttyd.certFileSSL certificate file path.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.ttyd.checkOriginWhether to allow a websocket connection from a different origin.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.ttyd.clientOptionsAttribute set of client options for xtermjs. https://xtermjs.org/docs/api/terminal/interfaces/iterminaloptions/
Type: attribute set of string
Default: { }
Example:
{
fontSize = "16";
fontFamily = "Fira Code";
}Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.ttyd.indexFileCustom index.html path
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.ttyd.interfaceNetwork interface to bind.
Type: null or string
Default: null
Example: "eth0"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.ttyd.keyFileSSL key file path.
For insecurely putting the keyFile in the globally readable store use
pkgs.writeText "ttydKeyFile" "SSLKEY".
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.ttyd.logLevelSet log level.
Type: signed integer
Default: 7
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.ttyd.maxClientsMaximum clients to support (0, no limit)
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.ttyd.passwordFileFile containing the password to use for basic authentication.
For insecurely putting the password in the globally readable store use
pkgs.writeText "ttydpw" "MyPassword".
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.ttyd.portPort to listen on (use 0 for random port)
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7681
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.ttyd.signalSignal to send to the command on session close.
Type: 8 bit unsigned integer; between 0 and 255 (both inclusive)
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.ttyd.socketUNIX domain socket path to bind.
Type: null or path
Default: null
Example: "/var/run/ttyd.sock"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.ttyd.terminalTypeTerminal type to report.
Type: string
Default: "xterm-256color"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.ttyd.usernameUsername for basic authentication.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-servers/ttyd.nix>
|
services.tumbler.enableWhether to enable Tumbler, A D-Bus thumbnailer service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/tumbler.nix>
|
services.tuptime.enableWhether to enable the total uptime service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/tuptime.nix>
|
services.tuptime.timer.enableWhether to regularly log uptime to detect bad shutdowns.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/tuptime.nix>
|
services.tuptime.timer.periodsystemd calendar event
Type: string
Default: "*:0/5"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/tuptime.nix>
|
services.tvheadend.enableWhether to enable Tvheadend.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/tvheadend.nix>
|
services.tvheadend.htspPortPort to bind HTSP to.
Type: signed integer
Default: 9982
Declared by:
<nixpkgs/nixos/modules/services/networking/tvheadend.nix>
|
services.tvheadend.httpPortPort to bind HTTP to.
Type: signed integer
Default: 9981
Declared by:
<nixpkgs/nixos/modules/services/networking/tvheadend.nix>
|
services.twingate.enableWhether to enable Twingate Client daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/twingate.nix>
|
services.tzupdate.enableEnable the tzupdate timezone updating service. This provides a one-shot service which can be activated with systemctl to update the timezone.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/tzupdate.nix>
|
services.u9fs.enableWhether to run the u9fs 9P server for Unix.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix>
|
services.u9fs.extraArgsExtra arguments to pass on invocation, see man 4 u9fs
Type: string
Default: ""
Example: "-a none"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix>
|
services.u9fs.listenStreamsSockets to listen for clients on. See man 5 systemd.socket for socket syntax.
Type: list of string
Default:
[ "564" ]
Example:
[ "192.168.16.1:564" ]
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix>
|
services.u9fs.userUser to run u9fs under.
Type: string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/u9fs.nix>
|
services.udev.enableWhether to enable udev.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
services.udev.packagesList of packages containing udev rules.
All files found in
«pkg»/etc/udev/rules.d and
«pkg»/lib/udev/rules.d
will be included.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
services.udev.extraHwdbAdditional hwdb files. They'll be written
into file 99-local.hwdb. Thus they are
read after all other files.
Type: strings concatenated with "\n"
Default: ""
Example:
''
evdev:input:b0003v05AFp8277*
KEYBOARD_KEY_70039=leftalt
KEYBOARD_KEY_700e2=leftctrl
''Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
services.udev.extraRulesAdditional udev rules. They'll be written
into file 99-local.rules. Thus they are
read and applied after all other rules.
Type: strings concatenated with "\n"
Default: ""
Example:
''
ENV{ID_VENDOR_ID}=="046d", ENV{ID_MODEL_ID}=="0825", ENV{PULSE_IGNORE}="1"
''Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
services.udev.pathPackages added to the PATH environment variable when
executing programs from Udev rules.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/udev.nix>
|
services.udisks2.enableWhether to enable udisks2, a DBus service that allows applications to query and manipulate storage devices..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/udisks2.nix>
|
services.udisks2.settingsOptions passed to udisksd. See here and drive configuration in here for supported options.
Type: attribute set of attribute set of attribute set of (INI atom (null, bool, int, float or string) or a non-empty list of them)
Default:
{
"udisks2.conf" = {
defaults = {
encryption = "luks2";
};
udisks2 = {
modules = [
"*"
];
modules_load_preference = "ondemand";
};
};
}Example:
{
"WDC-WD10EZEX-60M2NA0-WD-WCC3F3SJ0698.conf" = {
ATA = {
StandbyTimeout = 50;
};
};
};
Declared by:
<nixpkgs/nixos/modules/services/hardware/udisks2.nix>
|
services.uhubUhub ADC hub instances
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.<name>.enableWhether to enable hub instance.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.<name>.enableTLSWhether to enable TLS support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.<name>.pluginsUhub plugin configuration.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.<name>.plugins.*.pluginPath to plugin file.
Type: path
Example: $${pkgs.uhub}/plugins/mod_auth_sqlite.so
Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.<name>.plugins.*.settingsSettings specific to this plugin.
Type: attribute set of string
Example:
{
file = "/etc/uhub/users.db";
}Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.uhub.<name>.settingsConfiguration of uhub. See https://www.uhub.org/doc/config.php for a list of options.
Type: attribute set of (boolean or signed integer or string)
Default: { }
Example:
{
hub_description = "Yet another ADC hub";
hub_name = "My Public Hub";
max_users = 150;
server_bind_addr = "any";
server_port = 1511;
}Declared by:
<nixpkgs/nixos/modules/services/misc/uhub.nix>
|
services.unbound.enableWhether to enable Unbound domain name server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unbound.enableRootTrustAnchorUse and update root trust anchor for DNSSEC validation.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unbound.packageThe unbound package to use
Type: package
Default: pkgs.unbound-with-systemd
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unbound.groupGroup under which unbound runs.
Type: string
Default: "unbound"
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unbound.localControlSocketPathWhen not set to null this option defines the path
at which the unbound remote control socket should be created at. The
socket will be owned by the unbound user (unbound)
and group will be nogroup.
Users that should be permitted to access the socket must be in the
config.services.unbound.group group.
If this option is null remote control will not be
enabled. Unbounds default values apply.
Type: null or string
Default: null
Example: "/run/unbound/unbound.ctl"
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unbound.resolveLocalQueriesWhether unbound should resolve local queries (i.e. add 127.0.0.1 to /etc/resolv.conf).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unbound.settingsDeclarative Unbound configuration See the unbound.conf(5) manpage for a list of available options.
Type: unbound.conf configuration type. The format consist of an attribute set of settings. Each settings can be either one value, a list of values or an attribute set. The allowed values are integers, strings, booleans or floats.
Default: { }
Example:
{
server = {
interface = [ "127.0.0.1" ];
};
forward-zone = [
{
name = ".";
forward-addr = "1.1.1.1@853#cloudflare-dns.com";
}
{
name = "example.org.";
forward-addr = [
"1.1.1.1@853#cloudflare-dns.com"
"1.0.0.1@853#cloudflare-dns.com"
];
}
];
remote-control.control-enable = true;
};
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unbound.stateDirDirectory holding all state for unbound to run.
Type: path
Default: "/var/lib/unbound"
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unbound.userUser account under which unbound runs.
Type: string
Default: "unbound"
Declared by:
<nixpkgs/nixos/modules/services/networking/unbound.nix>
|
services.unclutter.enableEnable unclutter to hide your mouse cursor when inactive
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
|
services.unclutter.packageunclutter derivation to use.
Type: package
Default: pkgs.unclutter
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
|
services.unclutter.excludedNames of windows where unclutter should not apply
Type: list of string
Default: [ ]
Example:
[ "" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
|
services.unclutter.extraOptionsMore arguments to pass to the unclutter command
Type: list of string
Default: [ ]
Example:
[ "noevent" "grab" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
|
services.unclutter.keystrokeWait for a keystroke before hiding the cursor
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
|
services.unclutter.thresholdMinimum number of pixels considered cursor movement
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
|
services.unclutter.timeoutNumber of seconds before the cursor is marked inactive
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter.nix>
|
services.unclutter-xfixes.enableEnable unclutter-xfixes to hide your mouse cursor when inactive.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix>
|
services.unclutter-xfixes.packageunclutter-xfixes derivation to use.
Type: package
Default: pkgs.unclutter-xfixes
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix>
|
services.unclutter-xfixes.extraOptionsMore arguments to pass to the unclutter-xfixes command.
Type: list of string
Default: [ ]
Example:
[ "exclude-root" "ignore-scrolling" "fork" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix>
|
services.unclutter-xfixes.thresholdMinimum number of pixels considered cursor movement.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix>
|
services.unclutter-xfixes.timeoutNumber of seconds before the cursor is marked inactive.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/x11/unclutter-xfixes.nix>
|
services.undervolt.enableWhether to enable Undervolting service for Intel CPUs.
Warning: This service is not endorsed by Intel and may permanently damage your hardware. Use at your own risk! .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.packageundervolt derivation to use.
Type: package
Default: pkgs.undervolt
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.analogioOffsetThe amount of voltage in mV to offset analogio by.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.coreOffsetThe amount of voltage in mV to offset the CPU cores by.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.gpuOffsetThe amount of voltage in mV to offset the GPU by.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.p1.limitThe P1 Power Limit in Watts. Both limit and window must be set.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.p1.windowThe P1 Time Window in seconds. Both limit and window must be set.
Type: null or floating point number or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.p2.limitThe P2 Power Limit in Watts. Both limit and window must be set.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.p2.windowThe P2 Time Window in seconds. Both limit and window must be set.
Type: null or floating point number or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.tempThe temperature target in Celsius degrees.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.tempAcThe temperature target on AC power in Celsius degrees.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.tempBatThe temperature target on battery power in Celsius degrees.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.uncoreOffsetThe amount of voltage in mV to offset uncore by.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.useTimerWhether to set a timer that applies the undervolt settings every 30s. This will cause spam in the journal but might be required for some hardware under specific conditions. Enable this if your undervolt settings don't hold.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.undervolt.verboseWhether to enable verbose logging.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/undervolt.nix>
|
services.unifi.enableWhether or not to enable the unifi controller service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
|
services.unifi.initialJavaHeapSizeSet the initial heap size for the JVM in MB. If this option isn't set, the JVM will decide this value at runtime.
Type: null or signed integer
Default: null
Example: 1024
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
|
services.unifi.jrePackageThe JRE package to use. Check the release notes to ensure it is supported.
Type: package
Default: if (lib.versionAtLeast (lib.getVersion cfg.unifiPackage) "7.3" then pkgs.jdk11 else pkgs.jre8
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
|
services.unifi.maximumJavaHeapSizeSet the maximum heap size for the JVM in MB. If this option isn't set, the JVM will decide this value at runtime.
Type: null or signed integer
Default: null
Example: 4096
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
|
services.unifi.mongodbPackageThe mongodb package to use.
Type: package
Default: pkgs.mongodb
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
|
services.unifi.openFirewallWhether or not to open the minimum required ports on the firewall.
This is necessary to allow firmware upgrades and device discovery to work. For remote login, you should additionally open (or forward) port 8443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
|
services.unifi.unifiPackageThe unifi package to use.
Type: package
Default: pkgs.unifiLTS
Declared by:
<nixpkgs/nixos/modules/services/networking/unifi.nix>
|
services.unifi-video.enableWhether or not to enable the unifi-video service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
|
services.unifi-video.dataDirWhere to store the database and other data.
Type: string
Default: "/var/lib/unifi-video/data"
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
|
services.unifi-video.jrePackageThe JRE package to use. Check the release notes to ensure it is supported.
Type: package
Default: pkgs.jre8
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
|
services.unifi-video.logDirWhere to store the logs.
Type: string
Default: "/var/lib/unifi-video/logs"
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
|
services.unifi-video.maximumJavaHeapSizeSet the maximum heap size for the JVM in MB.
Type: null or signed integer
Default: 1024
Example: 4096
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
|
services.unifi-video.mongodbPackageThe mongodb package to use.
Type: package
Default: pkgs.mongodb
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
|
services.unifi-video.openFirewallWhether or not to open the required ports on the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
|
services.unifi-video.pidFileLocation of unifi-video pid file.
Type: path
Default: "${config.services.unifi-video.dataDir}/unifi-video.pid"
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
|
services.unifi-video.unifiVideoPackageThe unifi-video package to use.
Type: package
Default: pkgs.unifi-video
Declared by:
<nixpkgs/nixos/modules/services/video/unifi-video.nix>
|
services.unit.enableWhether to enable Unit App Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/unit/default.nix>
|
services.unit.packageUnit package to use.
Type: package
Default: pkgs.unit
Declared by:
<nixpkgs/nixos/modules/services/web-servers/unit/default.nix>
|
services.unit.configUnit configuration in JSON format. More details here https://unit.nginx.org/configuration
Type: string
Default:
''
{
"listeners": {},
"applications": {}
}
''Example:
''
{
"listeners": {
"*:8300": {
"application": "example-php-72"
}
},
"applications": {
"example-php-72": {
"type": "php 7.2",
"processes": 4,
"user": "nginx",
"group": "nginx",
"root": "/var/www",
"index": "index.php",
"options": {
"file": "/etc/php.d/default.ini",
"admin": {
"max_execution_time": "30",
"max_input_time": "30",
"display_errors": "off",
"display_startup_errors": "off",
"open_basedir": "/dev/urandom:/proc/cpuinfo:/proc/meminfo:/etc/ssl/certs:/var/www",
"disable_functions": "exec,passthru,shell_exec,system"
}
}
}
}
}
''Declared by:
<nixpkgs/nixos/modules/services/web-servers/unit/default.nix>
|
services.unit.groupGroup account under which unit runs.
Type: string
Default: "unit"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/unit/default.nix>
|
services.unit.logDirUnit log directory.
Type: path
Default: "/var/log/unit"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/unit/default.nix>
|
services.unit.stateDirUnit data directory.
Type: path
Default: "/var/spool/unit"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/unit/default.nix>
|
services.unit.userUser account under which unit runs.
Type: string
Default: "unit"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/unit/default.nix>
|
services.unpoller.enableWhether to enable unpoller.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.influxdb.dbDatabase name. Database should exist.
Type: string
Default: "unifi"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.influxdb.disableWhether to disable the influxdb ouput plugin.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.influxdb.intervalSetting this lower than the Unifi controller's refresh interval may lead to zeroes in your database.
Type: string
Default: "30s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.influxdb.passPath of a file containing the password for influxdb. This file needs to be readable by the unifi-poller user.
Type: path
Default: unpoller-influxdb-default.password
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.influxdb.urlURL of the influxdb host.
Type: string
Default: "http://127.0.0.1:8086"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.influxdb.userUsername for the influxdb.
Type: string
Default: "unifipoller"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.influxdb.verify_sslVerify the influxdb's certificate.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.loki.intervalHow often the events are polled and pushed to Loki.
Type: string
Default: "2m"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.loki.passPath of a file containing the password for Loki. This file needs to be readable by the unifi-poller user.
Type: path
Default: "unpoller-influxdb-default.password"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.loki.tenant_idTenant ID to use in Loki.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.loki.timeoutShould be increased in case of timeout errors.
Type: string
Default: "10s"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.loki.urlURL of the Loki host.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.loki.userUsername for Loki.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.loki.verify_sslVerify Loki's certificate.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.poller.debugTurns on line numbers, microsecond logging, and a per-device log. This may be noisy if you have a lot of devices. It adds one line per device.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.poller.pluginsLoad additional plugins.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.poller.quietTurns off per-interval logs. Only startup and error logs will be emitted.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.prometheus.disableWhether to disable the prometheus ouput plugin.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.prometheus.http_listenBind the prometheus exporter to this IP or hostname.
Type: string
Default: "[::]:9130"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.prometheus.report_errorsWhether to report errors.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.controllersList of Unifi controllers to poll. Use defaults if empty.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.controllers.*.hash_piiHash, with md5, client names and MAC addresses. This attempts to protect personally identifiable information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.controllers.*.passPath of a file containing the password for the unifi service user. This file needs to be readable by the unifi-poller user.
Type: path
Default: unpoller-unifi-default.password
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.controllers.*.save_alarmsCollect and save data from UniFi alarms to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.controllers.*.save_anomaliesCollect and save data from UniFi anomalies to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.controllers.*.save_dpiCollect and save data from deep packet inspection. Adds around 150 data points and impacts performance.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.controllers.*.save_eventsCollect and save data from UniFi events to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.controllers.*.save_idsCollect and save data from the intrusion detection system to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.controllers.*.save_sitesCollect and save site data.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.controllers.*.sitesList of site names for which statistics should be exported. Or the string "default" for the default site or the string "all" for all sites.
Type: one of "default", "all" or list of string
Default: "all"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.controllers.*.urlURL of the Unifi controller.
Type: string
Default: "https://unifi:8443"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.controllers.*.userUnifi service user name.
Type: string
Default: "unifi"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.controllers.*.verify_sslVerify the Unifi controller's certificate.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.defaults.hash_piiHash, with md5, client names and MAC addresses. This attempts to protect personally identifiable information.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.defaults.passPath of a file containing the password for the unifi service user. This file needs to be readable by the unifi-poller user.
Type: path
Default: unpoller-unifi-default.password
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.defaults.save_alarmsCollect and save data from UniFi alarms to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.defaults.save_anomaliesCollect and save data from UniFi anomalies to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.defaults.save_dpiCollect and save data from deep packet inspection. Adds around 150 data points and impacts performance.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.defaults.save_eventsCollect and save data from UniFi events to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.defaults.save_idsCollect and save data from the intrusion detection system to influxdb and Loki.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.defaults.save_sitesCollect and save site data.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.defaults.sitesList of site names for which statistics should be exported. Or the string "default" for the default site or the string "all" for all sites.
Type: one of "default", "all" or list of string
Default: "all"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.defaults.urlURL of the Unifi controller.
Type: string
Default: "https://unifi:8443"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.defaults.userUnifi service user name.
Type: string
Default: "unifi"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.defaults.verify_sslVerify the Unifi controller's certificate.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.unpoller.unifi.dynamicLet prometheus select which controller to poll when scraping. Use with default credentials. See unifi-poller wiki for more.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/unpoller.nix>
|
services.upower.enableWhether to enable Upower, a DBus service that provides power management support to applications.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
|
services.upower.enableWattsUpProEnable the Watts Up Pro device.
The Watts Up Pro contains a generic FTDI USB device without a specific vendor and product ID. When we probe for WUP devices, we can cause the user to get a perplexing "Device or resource busy" error when attempting to use their non-WUP device.
The generic FTDI device is known to also be used on:
Sparkfun FT232 breakout board
Parallax Propeller
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
|
services.upower.packageWhich upower package to use.
Type: package
Default: pkgs.upower
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
|
services.upower.criticalPowerActionThe action to take when timeAction or
percentageAction has been reached for the batteries
(UPS or laptop batteries) supplying the computer
Type: one of "PowerOff", "Hibernate", "HybridSleep"
Default: "HybridSleep"
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
|
services.upower.ignoreLidDo we ignore the lid state
Some laptops are broken. The lid state is either inverted, or stuck on or off. We can't do much to fix these problems, but this is a way for users to make the laptop panel vanish, a state that might be used by a couple of user-space daemons. On Linux systems, see also logind.conf(5).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
|
services.upower.noPollBatteriesDon't poll the kernel for battery level changes.
Some hardware will send us battery level changes through events, rather than us having to poll for it. This option allows disabling polling for hardware that sends out events.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
|
services.upower.percentageActionWhen usePercentageForPolicy is
true, the levels at which UPower will take action
for the critical battery level.
This will also be used for batteries which don't have time information such as that of peripherals.
If any value (of percentageLow,
percentageCritical and
percentageAction) is invalid, or not in descending
order, the defaults will be used.
Type: unsigned integer, meaning >=0
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
|
services.upower.percentageCriticalWhen usePercentageForPolicy is
true, the levels at which UPower will consider the
battery critical.
This will also be used for batteries which don't have time information such as that of peripherals.
If any value (of percentageLow,
percentageCritical and
percentageAction) is invalid, or not in descending
order, the defaults will be used.
Type: unsigned integer, meaning >=0
Default: 3
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
|
services.upower.percentageLowWhen usePercentageForPolicy is
true, the levels at which UPower will consider the
battery low.
This will also be used for batteries which don't have time information such as that of peripherals.
If any value (of percentageLow,
percentageCritical and
percentageAction) is invalid, or not in descending
order, the defaults will be used.
Type: unsigned integer, meaning >=0
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
|
services.upower.timeActionWhen usePercentageForPolicy is
false, the time remaining in seconds at which
UPower will take action for the critical battery level.
If any value (of timeLow,
timeCritical and timeAction) is
invalid, or not in descending order, the defaults will be used.
Type: unsigned integer, meaning >=0
Default: 120
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
|
services.upower.timeCriticalWhen usePercentageForPolicy is
false, the time remaining in seconds at which
UPower will consider the battery critical.
If any value (of timeLow,
timeCritical and timeAction) is
invalid, or not in descending order, the defaults will be used.
Type: unsigned integer, meaning >=0
Default: 300
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
|
services.upower.timeLowWhen usePercentageForPolicy is
false, the time remaining in seconds at which
UPower will consider the battery low.
If any value (of timeLow,
timeCritical and timeAction) is
invalid, or not in descending order, the defaults will be used.
Type: unsigned integer, meaning >=0
Default: 1200
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
|
services.upower.usePercentageForPolicyPolicy for warnings and action based on battery levels
Whether battery percentage based policy should be used. The default is to use the percentage, which should work around broken firmwares. It is also more reliable than the time left (frantically saving all your files is going to use more battery than letting it rest for example).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/upower.nix>
|
services.uptermd.enableWhether to enable uptermd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/uptermd.nix>
|
services.uptermd.extraFlagsExtra flags passed to the uptermd command.
Type: list of string
Default: [ ]
Example:
[ "--debug" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/uptermd.nix>
|
services.uptermd.hostKeyPath to SSH host key. If not defined, an ed25519 keypair is generated automatically.
Type: null or path
Default: null
Example: "/run/keys/upterm_host_ed25519_key"
Declared by:
<nixpkgs/nixos/modules/services/networking/uptermd.nix>
|
services.uptermd.listenAddressAddress the server will listen on.
Type: string
Default: "[::]"
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/uptermd.nix>
|
services.uptermd.openFirewallWhether to open the firewall for the port in services.uptermd.port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/uptermd.nix>
|
services.uptermd.portPort the server will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2222
Declared by:
<nixpkgs/nixos/modules/services/networking/uptermd.nix>
|
services.uptime.enableSeparateMonitoringServiceWhether to enable the uptime monitoring service.
Type: boolean
Default: config.services.uptime.enableWebService
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
|
services.uptime.enableWebServiceWhether to enable the uptime monitoring program web service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
|
services.uptime.configFileThe uptime configuration file
If mongodb: server != localhost, please set usesRemoteMongo = true
If you only want to run the monitor, please set enableWebService = false and enableSeparateMonitoringService = true
If autoStartMonitor: false (recommended) and you want to run both services, please set enableSeparateMonitoringService = true
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
|
services.uptime.nodeEnvThe node environment to run in (development, production, etc.)
Type: string
Default: "production"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
|
services.uptime.usesRemoteMongoWhether the configuration file specifies a remote mongo instance
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime.nix>
|
services.uptime-kuma.enableWhether to enable Uptime Kuma, this assumes a reverse proxy to be set..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime-kuma.nix>
|
services.uptime-kuma.packageUptime Kuma package to use.
Type: package
Default: pkgs.uptime-kuma
Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime-kuma.nix>
|
services.uptime-kuma.settingsAdditional configuration for Uptime Kuma, see https://github.com/louislam/uptime-kuma/wiki/Environment-Variables" for supported values.
Type: attribute set of string
Default: { }
Example:
{
NODE_EXTRA_CA_CERTS = "/etc/ssl/certs/ca-certificates.crt";
PORT = "4000";
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/uptime-kuma.nix>
|
services.uptimed.enableEnable uptimed, allowing you to track
your highest uptimes.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/system/uptimed.nix>
|
services.urserver.enableWhether to enable urserver.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/urserver.nix>
|
services.urxvtd.enableEnable urxvtd, the urxvt terminal daemon. To use urxvtd, run "urxvtc".
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/urxvtd.nix>
|
services.urxvtd.packagePackage to install. Usually pkgs.rxvt-unicode.
Type: package
Default: pkgs.rxvt-unicode
Declared by:
<nixpkgs/nixos/modules/services/x11/urxvtd.nix>
|
services.usbguard.enableWhether to enable USBGuard daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.packageThe usbguard package to use. If you do not need the Qt GUI, use
pkgs.usbguard-nox to save disk space.
Type: package
Default: pkgs.usbguard
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.IPCAllowedGroupsA list of groupnames that the daemon will accept IPC connections from.
Type: list of string
Default: [ ]
Example:
[ "wheel" ]
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.IPCAllowedUsersA list of usernames that the daemon will accept IPC connections from.
Type: list of string
Default:
[ "root" ]
Example:
[ "root" "yourusername" ]
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.deviceRulesWithPortGenerate device specific rules including the "via-port" attribute.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.implictPolicyTargetHow to treat USB devices that don't match any rule in the policy. Target should be one of allow, block or reject (logically remove the device node from the system).
Type: one of "allow", "block", "reject", "keep", "apply-policy"
Default: "block"
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.insertedDevicePolicyHow to treat USB devices that are already connected after the daemon starts. One of block, reject, apply-policy.
Type: one of "allow", "block", "reject", "keep", "apply-policy"
Default: "apply-policy"
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.presentControllerPolicyHow to treat USB controller devices that are already connected when the daemon starts. One of allow, block, reject, keep or apply-policy.
Type: one of "allow", "block", "reject", "keep", "apply-policy"
Default: "keep"
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.presentDevicePolicyHow to treat USB devices that are already connected when the daemon starts. Policy should be one of allow, block, reject, keep (keep whatever state the device is currently in) or apply-policy (evaluate the rule set for every present device).
Type: one of "allow", "block", "reject", "keep", "apply-policy"
Default: "apply-policy"
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.restoreControllerDeviceStateThe USBGuard daemon modifies some attributes of controller devices like the default authorization state of new child device instances. Using this setting, you can control whether the daemon will try to restore the attribute values to the state before modification on shutdown.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbguard.rulesThe USBGuard daemon will load this as the policy rule set. As these rules are NixOS managed they are immutable and can't be changed by the IPC interface.
If you do not set this option, the USBGuard daemon will load
it's policy rule set from /var/lib/usbguard/rules.conf.
This file can be changed manually or via the IPC interface.
Running usbguard generate-policy as root will
generate a config for your currently plugged in devices.
For more details see usbguard-rules.conf(5).
Type: null or strings concatenated with "\n"
Default: null
Example:
''
allow with-interface equals { 08:*:* }
''Declared by:
<nixpkgs/nixos/modules/services/security/usbguard.nix>
|
services.usbmuxd.enableEnable the usbmuxd ("USB multiplexing daemon") service. This daemon is in charge of multiplexing connections over USB to an iOS device. This is needed for transferring data from and to iOS devices (see ifuse). Also this may enable plug-n-play tethering for iPhones.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/hardware/usbmuxd.nix>
|
services.usbmuxd.groupThe group usbmuxd should use to run after startup.
Type: string
Default: "usbmux"
Declared by:
<nixpkgs/nixos/modules/services/hardware/usbmuxd.nix>
|
services.usbmuxd.userThe user usbmuxd should use to run after startup.
Type: string
Default: "usbmux"
Declared by:
<nixpkgs/nixos/modules/services/hardware/usbmuxd.nix>
|
services.usbrelayd.enableWhether to enable USB Relay MQTT daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/usbrelayd.nix>
|
services.usbrelayd.brokerHostname or IP address of your MQTT Broker.
Type: string
Default: "127.0.0.1"
Example:
[ "mqtt" "192.168.1.1" ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/usbrelayd.nix>
|
services.usbrelayd.clientNameName, your client connects as.
Type: string
Default: "MyUSBRelay"
Declared by:
<nixpkgs/nixos/modules/services/hardware/usbrelayd.nix>
|
services.uvcvideo.dynctrl.enableWhether to enable uvcvideo dynamic controls.
Note that enabling this brings the uvcdynctrl tool into your environment and register all dynamic controls from specified packages to the uvcvideo driver.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/hardware/video/uvcvideo/default.nix>
|
services.uvcvideo.dynctrl.packagesList of packages containing uvcvideo dynamic controls
rules. All files found in
«pkg»/share/uvcdynctrl/data
will be included.
Note that these will serve as input to the libwebcam package which through its own udev rule will register the dynamic controls from specified packages to the uvcvideo driver.
Type: list of path
Example: [ pkgs.tiscamera ]
Declared by:
<nixpkgs/nixos/modules/hardware/video/uvcvideo/default.nix>
|
services.uwsgi.enableEnable uWSGI
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
|
services.uwsgi.capabilitiesGrant capabilities to the uWSGI instance. See the
capabilities(7) for available values.
uWSGI runs as an unprivileged user (even as Emperor) with the minimal
capabilities required. This option can be used to add fine-grained
permissions without running the service as root.
When in Emperor mode, any capability to be inherited by a vassal must
be specified again in the vassal configuration using cap.
See the uWSGI docs
for more information.
Type: list of string
Default: [ ]
Example:
[ "CAP_NET_BIND_SERVICE" # bind on ports <1024 "CAP_NET_RAW" # open raw sockets ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
|
services.uwsgi.groupGroup account under which uWSGI runs.
Type: string
Default: "uwsgi"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
|
services.uwsgi.instanceuWSGI configuration. It awaits an attribute type inside which can be either
normal or emperor.
For normal mode you can specify pythonPackages as a function
from libraries set into a list of libraries. pythonpath will be set accordingly.
For emperor mode, you should use vassals attribute
which should be either a set of names and configurations or a path to a directory.
Other attributes will be used in configuration file as-is. Notice that you can redefine
plugins setting here.
Type: Json value or lambda
Default:
{
type = "normal";
}Example:
{
type = "emperor";
vassals = {
moin = {
type = "normal";
pythonPackages = self: with self; [ moinmoin ];
socket = "${config.services.uwsgi.runDir}/uwsgi.sock";
};
};
}
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
|
services.uwsgi.pluginsPlugins used with uWSGI
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
|
services.uwsgi.runDirWhere uWSGI communication sockets can live
Type: path
Default: "/run/uwsgi"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
|
services.uwsgi.userUser account under which uWSGI runs.
Type: string
Default: "uwsgi"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/uwsgi.nix>
|
services.v2ray.enableWhether to run v2ray server.
Either configFile or config must be specified.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/v2ray.nix>
|
services.v2ray.packageWhich v2ray package to use.
Type: package
Default: pkgs.v2ray
Declared by:
<nixpkgs/nixos/modules/services/networking/v2ray.nix>
|
services.v2ray.configThe configuration object.
Either configFile or config must be specified.
See https://www.v2fly.org/en_US/v5/config/overview.html.
Type: null or (attribute set of unspecified value)
Default: null
Example:
{
inbounds = [
{
listen = "127.0.0.1";
port = 1080;
protocol = "http";
}
];
outbounds = [
{
protocol = "freedom";
}
];
}Declared by:
<nixpkgs/nixos/modules/services/networking/v2ray.nix>
|
services.v2ray.configFileThe absolute path to the configuration file.
Either configFile or config must be specified.
See https://www.v2fly.org/en_US/v5/config/overview.html.
Type: null or string
Default: null
Example: "/etc/v2ray/config.json"
Declared by:
<nixpkgs/nixos/modules/services/networking/v2ray.nix>
|
services.v2raya.enableWhether to enable the v2rayA service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/v2raya.nix>
|
services.varnish.enableWhether to enable Varnish Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.varnish.enableConfigCheckWhether to enable checking the config during build time.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.varnish.packageThe package to use
Type: package
Default: pkgs.varnish
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.varnish.configVerbatim default.vcl configuration.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.varnish.extraCommandLineCommand line switches for varnishd (run 'varnishd -?' to get list of options)
Type: string
Default: ""
Example: "-s malloc,256M"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.varnish.extraModulesVarnish modules (except 'std').
Type: list of package
Default: [ ]
Example: [ pkgs.varnishPackages.geoip ]
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.varnish.http_addressHTTP listen address and port.
Type: string
Default: "*:6081"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.varnish.stateDirDirectory holding all state for Varnish to run.
Type: path
Default: "/var/spool/varnish/${config.networking.hostName}"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/varnish/default.nix>
|
services.vault.enableWhether to enable Vault daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.packageThis option specifies the vault package to use.
Type: package
Default: pkgs.vault
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.addressThe name of the ip interface to listen to
Type: string
Default: "127.0.0.1:8200"
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.devIn this mode, Vault runs in-memory and starts unsealed. This option is not meant production but for development and testing i.e. for nixos tests.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.devRootTokenIDInitial root token. This only applies when services.vault.dev is true
Type: string
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.extraConfigExtra text appended to vault.hcl.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.extraSettingsPathsConfiguration files to load besides the immutable one defined by the NixOS module. This can be used to avoid putting credentials in the Nix store, which can be read by any user.
Each path can point to a JSON- or HCL-formatted file, or a directory
to be scanned for files with .hcl or
.json extensions.
To upload the confidential file with NixOps, use for example:
# https://releases.nixos.org/nixops/latest/manual/manual.html#opt-deployment.keys
deployment.keys."vault.hcl" = let db = import ./db-credentials.nix; in {
text = ''
storage "postgresql" {
connection_url = "postgres://${db.username}:${db.password}@host.example.com/exampledb?sslmode=verify-ca"
}
'';
user = "vault";
};
services.vault.extraSettingsPaths = ["/run/keys/vault.hcl"];
services.vault.storageBackend = "postgresql";
users.users.vault.extraGroups = ["keys"];
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.listenerExtraConfigExtra text appended to the listener section.
Type: strings concatenated with "\n"
Default:
'' tls_min_version = "tls12" ''
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.storageBackendThe name of the type of storage backend
Type: one of "inmem", "file", "consul", "zookeeper", "s3", "azure", "dynamodb", "etcd", "mssql", "mysql", "postgresql", "swift", "gcs", "raft"
Default: "inmem"
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.storageConfigHCL configuration to insert in the storageBackend section.
Confidential values should not be specified here because this option's
value is written to the Nix store, which is publicly readable.
Provide credentials and such in a separate file using
services.vault.extraSettingsPaths.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.storagePathData directory for file backend
Type: null or path
Default:
if config.services.vault.storageBackend == "file" || cfg.storageBackend == "raft" then "/var/lib/vault" else null
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.telemetryConfigTelemetry configuration
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.tlsCertFileTLS certificate file. TLS will be disabled unless this option is set
Type: null or string
Default: null
Example: "/path/to/your/cert.pem"
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vault.tlsKeyFileTLS private key file. TLS will be disabled unless this option is set
Type: null or string
Default: null
Example: "/path/to/your/key.pem"
Declared by:
<nixpkgs/nixos/modules/services/security/vault.nix>
|
services.vaultwarden.enableWhether to enable vaultwarden.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/security/vaultwarden/default.nix>
|
services.vaultwarden.packageVaultwarden package to use.
Type: package
Default: pkgs.vaultwarden
Declared by:
<nixpkgs/nixos/modules/services/security/vaultwarden/default.nix>
|
services.vaultwarden.backupDirThe directory under which vaultwarden will backup its persistent data.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/security/vaultwarden/default.nix>
|
services.vaultwarden.configThe configuration of vaultwarden is done through environment variables,
therefore it is recommended to use upper snake case (e.g. DISABLE_2FA_REMEMBER).
However, camel case (e.g. disable2FARemember) is also supported:
The NixOS module will convert it automatically to
upper case snake case (e.g. DISABLE_2FA_REMEMBER).
In this conversion digits (0-9) are handled just like upper case characters,
so foo2 would be converted to FOO_2.
Names already in this format remain unchanged, so FOO2 remains FOO2 if passed as such,
even though foo2 would have been converted to FOO_2.
This allows working around any potential future conflicting naming conventions.
Based on the attributes passed to this config option an environment file will be generated that is passed to vaultwarden's systemd service.
The available configuration options can be found in the environment template file.
See ()[#opt-services.vaultwarden.environmentFile) for how to set up access to the Admin UI to invite initial users.
Type: attribute set of (null or boolean or signed integer or string)
Default: { }
Example:
{
DOMAIN = "https://bitwarden.example.com";
SIGNUPS_ALLOWED = false;
# Vaultwarden currently recommends running behind a reverse proxy
# (nginx or similar) for TLS termination, see
# https://github.com/dani-garcia/vaultwarden/wiki/Hardening-Guide#reverse-proxying
# > you should avoid enabling HTTPS via vaultwarden's built-in Rocket TLS support,
# > especially if your instance is publicly accessible.
#
# A suitable NixOS nginx reverse proxy example config might be:
#
# services.nginx.virtualHosts."bitwarden.example.com" = {
# enableACME = true;
# forceSSL = true;
# locations."/" = {
# proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
# };
# };
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
# This example assumes a mailserver running on localhost,
# thus without transport encryption.
# If you use an external mail server, follow:
# https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration
SMTP_HOST = "127.0.0.1";
SMTP_PORT = 25;
SMTP_SSL = false;
SMTP_FROM = "admin@bitwarden.example.com";
SMTP_FROM_NAME = "example.com Bitwarden server";
}
Declared by:
<nixpkgs/nixos/modules/services/security/vaultwarden/default.nix>
|
services.vaultwarden.dbBackendWhich database backend vaultwarden will be using.
Type: one of "sqlite", "mysql", "postgresql"
Default: "sqlite"
Declared by:
<nixpkgs/nixos/modules/services/security/vaultwarden/default.nix>
|
services.vaultwarden.environmentFileAdditional environment file as defined in systemd.exec(5).
Secrets like ADMIN_TOKEN and SMTP_PASSWORD
may be passed to the service without adding them to the world-readable Nix store.
Note that this file needs to be available on the host on which
vaultwarden is running.
As a concrete example, to make the Admin UI available
(from which new users can be invited initially),
the secret ADMIN_TOKEN needs to be defined as described
here.
Setting environmentFile to /var/lib/vaultwarden.env
and ensuring permissions with e.g.
chown vaultwarden:vaultwarden /var/lib/vaultwarden.env
(the vaultwarden user will only exist after activating with
enable = true; before this), we can set the contents of the file to have
contents such as:
# Admin secret token, see # https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page ADMIN_TOKEN=...copy-paste a unique generated secret token here...
Type: null or path
Default: null
Example: "/var/lib/vaultwarden.env"
Declared by:
<nixpkgs/nixos/modules/services/security/vaultwarden/default.nix>
|
services.vaultwarden.webVaultPackageWeb vault package to use.
Type: package
Default: pkgs.vaultwarden.webvault
Declared by:
<nixpkgs/nixos/modules/services/security/vaultwarden/default.nix>
|
services.vdirsyncer.enableWhether to enable vdirsyncer.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/vdirsyncer.nix>
|
services.vdirsyncer.packageThe vdirsyncer package to use.
Type: package
Default: pkgs.vdirsyncer
Declared by:
<nixpkgs/nixos/modules/services/networking/vdirsyncer.nix>
|
services.vdirsyncer.jobsvdirsyncer job configurations
Type: attribute set of (submodule)
Declared by:
<nixpkgs/nixos/modules/services/networking/vdirsyncer.nix>
|
services.vdirsyncer.jobs.<name>.enableWhether to enable this vdirsyncer job.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vdirsyncer.nix>
|
services.vdirsyncer.jobs.<name>.additionalGroupsadditional groups to add the dynamic user to
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/vdirsyncer.nix>
|
services.vdirsyncer.jobs.<name>.config.generalgeneral configuration
Type: attribute set
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/vdirsyncer.nix>
|
services.vdirsyncer.jobs.<name>.config.pairsvdirsyncer pair configurations
Type: attribute set of (attribute set)
Default: { }
Example:
{
my_contacts = {
a = "my_cloud_contacts";
b = "my_local_contacts";
collections = [ "from a" ];
conflict_resolution = "a wins";
metadata = [ "color" "displayname" ];
};
};
Declared by:
<nixpkgs/nixos/modules/services/networking/vdirsyncer.nix>
|
services.vdirsyncer.jobs.<name>.config.statusPathvdirsyncer's status path
Type: null or string
Default: /var/lib/vdirsyncer/${attrName}
Declared by:
<nixpkgs/nixos/modules/services/networking/vdirsyncer.nix>
|
services.vdirsyncer.jobs.<name>.config.storagesvdirsyncer storage configurations
Type: attribute set of (attribute set)
Default: { }
Example:
{
my_cloud_contacts = {
type = "carddav";
url = "https://dav.example.com/";
read_only = true;
username = "user";
"password.fetch" = [ "command" "cat" "/etc/vdirsyncer/cloud.passwd" ];
};
my_local_contacts = {
type = "carddav";
url = "https://localhost/";
username = "user";
"password.fetch" = [ "command" "cat" "/etc/vdirsyncer/local.passwd" ];
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/vdirsyncer.nix>
|
services.vdirsyncer.jobs.<name>.configFileexisting configuration file
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/vdirsyncer.nix>
|
services.vdirsyncer.jobs.<name>.forceDiscoverRun yes | vdirsyncer discover prior to vdirsyncer sync
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vdirsyncer.nix>
|
services.vdirsyncer.jobs.<name>.groupgroup to run vdirsyncer as
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/vdirsyncer.nix>
|
services.vdirsyncer.jobs.<name>.timerConfigsystemd timer configuration
Type: attribute set
Default:
{
OnBootSec = "1h";
OnUnitActiveSec = "6h";
}Declared by:
<nixpkgs/nixos/modules/services/networking/vdirsyncer.nix>
|
services.vdirsyncer.jobs.<name>.userUser account to run vdirsyncer as, otherwise as a systemd dynamic user
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/vdirsyncer.nix>
|
services.vdr.enableWhether to enable VDR. Please put config into /var/lib/vdr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/vdr.nix>
|
services.vdr.enableLircWhether to enable LIRC.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/hardware/vdr.nix>
|
services.vdr.packagePackage to use.
Type: package
Default: pkgs.vdr
Example: pkgs.wrapVdr.override { plugins = with pkgs.vdrPlugins; [ hello ]; }
Declared by:
<nixpkgs/nixos/modules/services/hardware/vdr.nix>
|
services.vdr.extraArgumentsAdditional command line arguments to pass to VDR.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/hardware/vdr.nix>
|
services.vdr.videoDirRecording directory
Type: path
Default: "/srv/vdr/video"
Declared by:
<nixpkgs/nixos/modules/services/hardware/vdr.nix>
|
services.vector.enableWhether to enable Vector.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/logging/vector.nix>
|
services.vector.journaldAccessEnable Vector to access journald.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/logging/vector.nix>
|
services.vector.settingsSpecify the configuration for Vector in Nix.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/logging/vector.nix>
|
services.victoriametrics.enableWhether to enable victoriametrics.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/databases/victoriametrics.nix>
|
services.victoriametrics.packageThe VictoriaMetrics distribution to use.
Type: package
Default: pkgs.victoriametrics
Declared by:
<nixpkgs/nixos/modules/services/databases/victoriametrics.nix>
|
services.victoriametrics.extraOptionsExtra options to pass to VictoriaMetrics. See the README: https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/README.md or victoriametrics -help for more information.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/databases/victoriametrics.nix>
|
services.victoriametrics.listenAddressThe listen address for the http interface.
Type: string
Default: ":8428"
Declared by:
<nixpkgs/nixos/modules/services/databases/victoriametrics.nix>
|
services.victoriametrics.retentionPeriodRetention period in months.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/databases/victoriametrics.nix>
|
services.vikunja.enableWhether to enable vikunja service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
|
services.vikunja.package-apivikunja-api derivation to use.
Type: package
Default: pkgs.vikunja-api
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
|
services.vikunja.package-frontendvikunja-frontend derivation to use.
Type: package
Default: pkgs.vikunja-frontend
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
|
services.vikunja.database.databaseDatabase name.
Type: string
Default: "vikunja"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
|
services.vikunja.database.hostDatabase host address. Can also be a socket.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
|
services.vikunja.database.pathPath to the sqlite3 database file.
Type: string
Default: "/var/lib/vikunja/vikunja.db"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
|
services.vikunja.database.typeDatabase engine to use.
Type: one of "sqlite", "mysql", "postgres"
Default: "sqlite"
Example: "postgres"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
|
services.vikunja.database.userDatabase user.
Type: string
Default: "vikunja"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
|
services.vikunja.environmentFilesList of environment files set in the vikunja systemd service. For example passwords should be set in one of these files.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
|
services.vikunja.frontendHostnameThe Hostname under which the frontend is running.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
|
services.vikunja.frontendSchemeWhether the site is available via http or https. This does not configure https or ACME in nginx!
Type: one of "http", "https"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
|
services.vikunja.settingsVikunja configuration. Refer to https://vikunja.io/docs/config-options/ for details on supported values.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
|
services.vikunja.setupNginxWhether to setup NGINX.
Further nginx configuration can be done by changing
services.nginx.virtualHosts.<frontendHostname>.
This does not enable TLS or ACME by default. To enable this, set the
services.nginx.virtualHosts.<frontendHostname>.enableACME to
true and if appropriate do the same for
services.nginx.virtualHosts.<frontendHostname>.forceSSL.
Type: boolean
Default: config.services.nginx.enable
Declared by:
<nixpkgs/nixos/modules/services/web-apps/vikunja.nix>
|
services.vmagent.enableWhether to enable vmagent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/vmagent.nix>
|
services.vmagent.packagevmagent package to use.
Type: package
Default: pkgs.vmagent
Declared by:
<nixpkgs/nixos/modules/services/monitoring/vmagent.nix>
|
services.vmagent.dataDirThe directory where vmagent stores its data files.
Type: string
Default: "/var/lib/vmagent"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/vmagent.nix>
|
services.vmagent.groupGroup under which vmagent runs.
Type: string
Default: "vmagent"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/vmagent.nix>
|
services.vmagent.openFirewallWhether to open the firewall for the default ports.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/vmagent.nix>
|
services.vmagent.prometheusConfigConfig for prometheus style metrics
Type: JSON value
Declared by:
<nixpkgs/nixos/modules/services/monitoring/vmagent.nix>
|
services.vmagent.remoteWriteUrlThe storage endpoint such as VictoriaMetrics
Type: string
Default: "http://localhost:8428/api/v1/write"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/vmagent.nix>
|
services.vmagent.userUser account under which vmagent runs.
Type: string
Default: "vmagent"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/vmagent.nix>
|
services.vnstat.enableWhether to enable update of network usage statistics via vnstatd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/vnstat.nix>
|
services.vsftpd.enableWhether to enable vsftpd.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.enableVirtualUsersWhether to enable the pam_userdb-based
virtual user system
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.allowWriteableChrootAllow the use of writeable root inside chroot().
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.anonymousMkdirEnableWhether any uploads are permitted to anonymous users.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.anonymousUmaskAnonymous write umask.
Type: string
Default: "077"
Example: "002"
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.anonymousUploadEnableWhether any uploads are permitted to anonymous users.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.anonymousUserWhether to enable the anonymous FTP user.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.anonymousUserHomeDirectory to consider the HOME of the anonymous user.
Type: path
Default: "/home/ftp/"
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.anonymousUserNoPasswordWhether to disable the password for the anonymous FTP user.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.chrootlocalUserWhether local users are confined to their home directory.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.extraConfigExtra configuration to add at the bottom of the generated configuration file.
Type: strings concatenated with "\n"
Default: ""
Example: "ftpd_banner=Hello"
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.forceLocalDataSSLOnly applies if sslEnable is true. Non anonymous (local) users
must use a secure SSL connection for sending/receiving data on data connection.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.forceLocalLoginsSSLOnly applies if sslEnable is true. Non anonymous (local) users
must use a secure SSL connection to send a password.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.localRootThis option represents a directory which vsftpd will try to change into after a local (i.e. non- anonymous) login.
Failure is silently ignored.
Type: null or string
Default: null
Example: "/var/www/$USER"
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.localUsersWhether to enable FTP for local users.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.portPromiscuousSet to YES if you want to disable the PORT security check that ensures that outgoing data connections can only connect to the client. Only enable if you know what you are doing!
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.rsaCertFileRSA certificate file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.rsaKeyFileRSA private key file.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.ssl_sslv2Only applies if ssl_enable is activated. If
enabled, this option will permit SSL v2 protocol connections.
TLS v1 connections are preferred.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.ssl_sslv3Only applies if ssl_enable is activated. If
enabled, this option will permit SSL v3 protocol connections.
TLS v1 connections are preferred.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.ssl_tlsv1Only applies if ssl_enable is activated. If
enabled, this option will permit TLS v1 protocol connections.
TLS v1 connections are preferred.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.userDbPathOnly applies if enableVirtualUsers is true.
Path pointing to the pam_userdb user
database used by vsftpd to authenticate the virtual users.
This user list should be stored in the Berkeley DB database format.
To generate a new user database, create a text file, add your users using the following format:
user1 password1 user2 password2
You can then install pkgs.db to generate
the Berkeley DB using
db_load -T -t hash -f logins.txt userDb.db
Caution: pam_userdb will automatically
append a .db suffix to the filename you
provide though this option. This option shouldn't include
this filetype suffix.
Type: null or string
Default: null
Example: "/etc/vsftpd/userDb"
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.userlistSee userlistFile.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.userlistDenySpecifies whether userlistFile is a list of user
names to allow or deny access.
The default false means whitelist/allow.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.userlistEnableWhether users are included.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.userlistFileNewline separated list of names to be allowed/denied if userlistEnable
is true. Meaning see userlistDeny.
The default is a file containing the users from userlist.
If explicitly set to null userlist_file will not be set in vsftpd's config file.
Type: path
Default: pkgs.writeText "userlist" (concatMapStrings (x: "${x}\n") cfg.userlist)
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.virtualUseLocalPrivsIf enabled, virtual users will use the same privileges as local users. By default, virtual users will use the same privileges as anonymous users, which tends to be more restrictive (especially in terms of write access).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.vsftpd.writeEnableWhether any write activity is permitted to users.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/vsftpd.nix>
|
services.wasabibackend.enableWhether to enable Wasabi backend service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
|
services.wasabibackend.customConfigFileDefines the path to a custom configuration file that is copied to the user's directory. Overrides any config options.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
|
services.wasabibackend.dataDirThe data directory for the Wasabi backend node.
Type: path
Default: "/var/lib/wasabibackend"
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
|
services.wasabibackend.endpoint.ipIP address for P2P connection to bitcoind.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
|
services.wasabibackend.endpoint.portPort for P2P connection to bitcoind.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8333
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
|
services.wasabibackend.groupThe group as which to run the wasabibackend node.
Type: string
Default: config.services.wasabibackend.user
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
|
services.wasabibackend.networkThe network to use for the Wasabi backend service.
Type: one of "mainnet", "testnet", "regtest"
Default: "mainnet"
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
|
services.wasabibackend.rpc.ipIP address for RPC connection to bitcoind.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
|
services.wasabibackend.rpc.passwordRPC password for the bitcoin endpoint. Warning: this is stored in cleartext in the Nix store! Use configFile or passwordFile if needed.
Type: string
Default: "password"
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
|
services.wasabibackend.rpc.passwordFileFile that contains the password of the RPC user.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
|
services.wasabibackend.rpc.portPort for RPC connection to bitcoind.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8332
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
|
services.wasabibackend.rpc.userRPC user for the bitcoin endpoint.
Type: string
Default: "bitcoin"
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
|
services.wasabibackend.userThe user as which to run the wasabibackend node.
Type: string
Default: "wasabibackend"
Declared by:
<nixpkgs/nixos/modules/services/networking/wasabibackend.nix>
|
services.webdav.enableWhether to enable WebDAV server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/webdav.nix>
|
services.webdav.configFilePath to config file. If this option is set, it will override any configuration done in options.services.webdav.settings.
Type: path
Default: "Config file generated from services.webdav.settings"
Example: "/etc/webdav/config.yaml"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/webdav.nix>
|
services.webdav.environmentFileEnvironment file as defined in systemd.exec(5).
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/webdav.nix>
|
services.webdav.groupGroup under which WebDAV runs.
Type: string
Default: "webdav"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/webdav.nix>
|
services.webdav.settingsAttrset that is converted and passed as config file. Available options can be found at here.
This program supports reading username and password configuration from environment variables, so it's strongly recommended to store username and password in a separate EnvironmentFile. This prevents adding secrets to the world-readable Nix store.
Type: YAML value
Default: { }
Example:
{
address = "0.0.0.0";
port = 8080;
scope = "/srv/public";
modify = true;
auth = true;
users = [
{
username = "{env}ENV_USERNAME";
password = "{env}ENV_PASSWORD";
}
];
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/webdav.nix>
|
services.webdav.userUser account under which WebDAV runs.
Type: string
Default: "webdav"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/webdav.nix>
|
services.webdav-server-rs.enableWhether to enable WebDAV server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/webdav-server-rs.nix>
|
services.webdav-server-rs.configFilePath to config file. If this option is set, it will override any configuration done in services.webdav-server-rs.settings.
Type: path
Default: "Config file generated from services.webdav-server-rs.settings"
Example: "/etc/webdav-server.toml"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/webdav-server-rs.nix>
|
services.webdav-server-rs.groupGroup to run under when setuid is not enabled.
Type: string
Default: "webdav"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/webdav-server-rs.nix>
|
services.webdav-server-rs.settingsAttrset that is converted and passed as config file. Available options can be found at here.
Type: TOML value
Default: { }
Example:
{
server.listen = [ "0.0.0.0:4918" "[::]:4918" ];
accounts = {
auth-type = "htpasswd.default";
acct-type = "unix";
};
htpasswd.default = {
htpasswd = "/etc/htpasswd";
};
location = [
{
route = [ "/public/*path" ];
directory = "/srv/public";
handler = "filesystem";
methods = [ "webdav-ro" ];
autoindex = true;
auth = "false";
}
{
route = [ "/user/:user/*path" ];
directory = "~";
handler = "filesystem";
methods = [ "webdav-rw" ];
autoindex = true;
auth = "true";
setuid = true;
}
];
}
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/webdav-server-rs.nix>
|
services.webdav-server-rs.userUser to run under when setuid is not enabled.
Type: string
Default: "webdav"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/webdav-server-rs.nix>
|
services.weechat.enableWhether to enable weechat.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/weechat.nix>
|
services.weechat.binaryBinary to execute.
Type: path
Default: "${pkgs.weechat}/bin/weechat"
Example: "${pkgs.weechat}/bin/weechat-headless"
Declared by:
<nixpkgs/nixos/modules/services/misc/weechat.nix>
|
services.weechat.rootWeechat state directory.
Type: string
Default: "/var/lib/weechat"
Declared by:
<nixpkgs/nixos/modules/services/misc/weechat.nix>
|
services.weechat.sessionNameName of the `screen' session for weechat.
Type: string
Default: "weechat-screen"
Declared by:
<nixpkgs/nixos/modules/services/misc/weechat.nix>
|
services.wg-netmanager.enableWhether to enable Wireguard network manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/wg-netmanager.nix>
|
services.whitebophir.enableWhether to enable whitebophir, an online collaborative whiteboard server (persistent state will be maintained under /var/lib/whitebophir).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/whitebophir.nix>
|
services.whitebophir.packageWhitebophir package to use.
Type: package
Default: pkgs.whitebophir
Declared by:
<nixpkgs/nixos/modules/services/web-apps/whitebophir.nix>
|
services.whitebophir.listenAddressAddress to listen on (use 0.0.0.0 to allow access from any address).
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/whitebophir.nix>
|
services.whitebophir.portPort to bind to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5001
Declared by:
<nixpkgs/nixos/modules/services/web-apps/whitebophir.nix>
|
services.wiki-js.enableWhether to enable wiki-js.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
|
services.wiki-js.environmentFileEnvironment file to inject e.g. secrets into the configuration.
Type: null or path
Default: null
Example: "/root/wiki-js.env"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
|
services.wiki-js.settingsSettings to configure wiki-js. This directly
corresponds to the upstream configuration options.
Secrets can be injected via the environment by
specifying services.wiki-js.environmentFile
to contain secrets
and setting sensitive values to $(ENVIRONMENT_VAR)
with this value defined in the environment-file.
Type: JSON value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
|
services.wiki-js.settings.bindIPIPs the service should listen to.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
|
services.wiki-js.settings.db.dbName of the database to use.
Type: string
Default: "wiki"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
|
services.wiki-js.settings.db.hostHostname or socket-path to connect to.
Type: string
Example: "/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
|
services.wiki-js.settings.db.typeDatabase driver to use for persistence. Please note that sqlite
is currently not supported as the build process for it is currently not implemented
in pkgs.wiki-js and it's not recommended by upstream for
production use.
Type: one of "postgres", "mysql", "mariadb", "mssql"
Default: "postgres"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
|
services.wiki-js.settings.logLevelDefine how much detail is supposed to be logged at runtime.
Type: one of "error", "warn", "info", "verbose", "debug", "silly"
Default: "info"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
|
services.wiki-js.settings.offlineDisable latest file updates and enable sideloading.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
|
services.wiki-js.settings.portTCP port the process should listen to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
|
services.wiki-js.stateDirectoryNameName of the directory in /var/lib.
Type: string
Default: "wiki-js"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wiki-js.nix>
|
services.wordpress.sitesSpecification of one or more WordPress sites to serve
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.packageWhich WordPress package to use.
Type: package
Default: pkgs.wordpress
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.database.createLocallyCreate the database and database user locally.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.database.hostDatabase host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.database.nameDatabase name.
Type: string
Default: "wordpress"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.database.passwordFileA file containing the password corresponding to
database.user.
Type: null or path
Default: null
Example: "/run/keys/wordpress-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.database.portDatabase host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.database.socketPath to the unix socket file to use for authentication.
Type: null or path
Default: /run/mysqld/mysqld.sock
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.database.tablePrefixThe $table_prefix is the value placed in the front of your database tables. Change the value if you want to use something other than wp_ for your database prefix. Typically this is changed if you are installing multiple WordPress blogs in the same database.
See https://codex.wordpress.org/Editing_wp-config.php#table_prefix.
Type: string
Default: "wp_"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.database.userDatabase user.
Type: string
Default: "wordpress"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.extraConfigAny additional text to be appended to the wp-config.php configuration file. This is a PHP script. For configuration settings, see https://codex.wordpress.org/Editing_wp-config.php.
Type: strings concatenated with "\n"
Default: ""
Example:
'' define( 'AUTOSAVE_INTERVAL', 60 ); // Seconds ''
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.fontsDirThis directory is used to download fonts from a remote location, e.g. to host google fonts locally.
Type: path
Default: "/var/lib/wordpress/‹name›/fonts"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.languagesList of path(s) to respective language(s) which are copied from the 'languages' directory.
Type: list of path
Default: [ ]
Example:
[(
# Let's package the German language.
# For other languages try to replace language and country code in the download URL with your desired one.
# Reference https://translate.wordpress.org for available translations and
# codes.
language-de = pkgs.stdenv.mkDerivation {
name = "language-de";
src = pkgs.fetchurl {
url = "https://de.wordpress.org/wordpress-${pkgs.wordpress.version}-de_DE.tar.gz";
# Name is required to invalidate the hash when wordpress is updated
name = "wordpress-${pkgs.wordpress.version}-language-de"
sha256 = "sha256-dlas0rXTSV4JAl8f/UyMbig57yURRYRhTMtJwF9g8h0=";
};
installPhase = "mkdir -p $out; cp -r ./wp-content/languages/* $out/";
};
)];
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.pluginsList of path(s) to respective plugin(s) which are copied from the 'plugins' directory.
These plugins need to be packaged before use, see example.
Type: list of path
Default: [ ]
Example:
let
# Wordpress plugin 'embed-pdf-viewer' installation example
embedPdfViewerPlugin = pkgs.stdenv.mkDerivation {
name = "embed-pdf-viewer-plugin";
# Download the theme from the wordpress site
src = pkgs.fetchurl {
url = "https://downloads.wordpress.org/plugin/embed-pdf-viewer.2.0.3.zip";
sha256 = "1rhba5h5fjlhy8p05zf0p14c9iagfh96y91r36ni0rmk6y891lyd";
};
# We need unzip to build this package
nativeBuildInputs = [ pkgs.unzip ];
# Installing simply means copying all files to the output directory
installPhase = "mkdir -p $out; cp -R * $out/";
};
# And then pass this theme to the themes list like this:
in [ embedPdfViewerPlugin ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.poolConfigOptions for the WordPress PHP pool. See the documentation on php-fpm.conf
for details on configuration directives.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.max_spare_servers" = 4;
"pm.min_spare_servers" = 2;
"pm.start_servers" = 2;
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.themesList of path(s) to respective theme(s) which are copied from the 'theme' directory.
These themes need to be packaged before use, see example.
Type: list of path
Default: [ ]
Example:
let
# Let's package the responsive theme
responsiveTheme = pkgs.stdenv.mkDerivation {
name = "responsive-theme";
# Download the theme from the wordpress site
src = pkgs.fetchurl {
url = "https://downloads.wordpress.org/theme/responsive.3.14.zip";
sha256 = "0rjwm811f4aa4q43r77zxlpklyb85q08f9c8ns2akcarrvj5ydx3";
};
# We need unzip to build this package
nativeBuildInputs = [ pkgs.unzip ];
# Installing simply means copying all files to the output directory
installPhase = "mkdir -p $out; cp -R * $out/";
};
# And then pass this theme to the themes list like this:
in [ responsiveTheme ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.uploadsDirThis directory is used for uploads of pictures. The directory passed here is automatically created and permissions adjusted as required.
Type: path
Default: "/var/lib/wordpress/‹name›/uploads"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHostApache configuration can be done by adapting services.httpd.virtualHosts.
Type: submodule
Example:
{
adminAddr = "webmaster@example.org";
forceSSL = true;
enableACME = true;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.enableACMEWhether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.enableUserDirWhether to enable serving ~/public_html as
/~«username».
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.acmeRootDirectory for the acme challenge which is PUBLIC, don't put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.addSSLWhether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.adminAddrE-mail address of the server administrator.
Type: null or string
Default: null
Example: "admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.documentRootThe path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.extraConfigThese lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Type: strings concatenated with "\n"
Default: ""
Example:
''
<Directory /home>
Options FollowSymlinks
AllowOverride All
</Directory>
''Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.forceSSLWhether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.globalRedirectIf set, all requests for this host are redirected permanently to the given URL.
Type: null or string
Default: null
Example: "http://newserver.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.hostNameCanonical hostname for the server.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.http2Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. However, if you use the prefork mpm, there will be severe restrictions. Refer to https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.listenListen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL.
If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of (submodule)
Default: [ ]
Example:
[
{
ip = "195.154.1.1";
port = 443;
ssl = true;
}
{
ip = "192.154.1.1";
port = 80;
}
{
ip = "*";
port = 8080;
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.listen.*.ipIP to listen on. 0.0.0.0 for IPv4 only, * for all.
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.listen.*.portPort to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.listen.*.sslWhether to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.listenAddressesListen addresses for this virtual host.
Compared to listen this only sets the addresses
and the ports are chosen automatically.
Type: non-empty (list of string)
Default:
[ "*" ]
Example:
[ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.locationsDeclarative location config. See https://httpd.apache.org/docs/2.4/mod/core.html#location for details.
Type: attribute set of (submodule)
Default: { }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
"/foo/bar.png" = {
alias = "/home/eelco/some-file.png";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.locations.<name>.aliasAlias directory for requests. See https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.locations.<name>.extraConfigThese lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.locations.<name>.indexAdds DirectoryIndex directive. See https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.locations.<name>.priorityOrder of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have
a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.locations.<name>.proxyPassSets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.logFormatLog format for Apache's log files. Possible values are: combined, common, referer, agent.
Type: string
Default: "common"
Example: "combined"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.onlySSLWhether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.robotsEntriesSpecification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.
Type: strings concatenated with "\n"
Default: ""
Example: "Disallow: /foo/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.servedDirsThis option provides a simple way to serve static directories.
Type: list of (attribute set)
Default: [ ]
Example:
[
{
dir = "/home/eelco/Dev/nix-homepage";
urlPath = "/nix";
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.servedFilesThis option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS. You can achieve the same result by making use of
the locations.<name>.alias option.
Type: list of (attribute set)
Default: [ ]
Example:
[
{
file = "/home/eelco/some-file.png";
urlPath = "/foo/bar.png";
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default: [ ]
Example:
[ "www.example.org" "www.example.org:8080" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.sslServerCertPath to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.sslServerChainPath to server SSL chain file.
Type: null or path
Default: null
Example: "/var/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.sslServerKeyPath to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.sites.<name>.virtualHost.useACMEHostA host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.wordpress.webserverWhether to use apache2 or nginx for virtual host management.
Further nginx configuration can be done by adapting services.nginx.virtualHosts.<name>.
See services.nginx.virtualHosts for further information.
Further apache2 configuration can be done by adapting services.httpd.virtualHosts.<name>.
See services.httpd.virtualHosts for further information.
Type: one of "httpd", "nginx", "caddy"
Default: "httpd"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/wordpress.nix>
|
services.writefreely.enableWhether to enable Writefreely, build a digital writing community.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.packageWritefreely package to use.
Type: package
Default: pkgs.writefreely
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.acme.enableWhether or not to automatically fetch and configure SSL certs.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.admin.initialPasswordFilePath to a file containing the initial password for the admin user.
If not provided, the default password will be set to nixos.
Type: path
Default: "/nix/store/xxx-default-admin-pass"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.admin.nameThe name of the first admin user.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.database.createLocallyWhen services.writefreely.database.type is set to
"mysql", this option will enable the MySQL service locally.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.database.hostThe database host to connect to.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.database.migrateWhether or not to automatically run migrations on startup.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.database.nameThe name of the database to store data in.
Type: string
Default: "writefreely"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.database.passwordFileThe file to load the database password from.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.database.portThe port used when connecting to the database host.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3306
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.database.tlsWhether or not TLS should be used for the database connection.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.database.typeThe database provider to use.
Type: one of "sqlite3", "mysql"
Default: "sqlite3"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.database.userThe database user to connect as.
Type: null or string
Default: "writefreely"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.groupGroup under which Writefreely is ran.
Type: string
Default: "writefreely"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.hostThe public host name to serve.
Type: string
Default: ""
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.nginx.enableWhether or not to enable and configure nginx as a proxy for WriteFreely.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.nginx.forceSSLWhether or not to force the use of SSL.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.settingsWritefreely configuration (config.ini). Refer to
https://writefreely.org/docs/latest/admin/config
for details.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.settings.app.themeThe theme to apply.
Type: string
Default: "write"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.settings.server.portThe port WriteFreely should listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: "80"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.stateDirThe state directory where keys and data are stored.
Type: path
Default: "/var/lib/writefreely"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.writefreely.userUser under which Writefreely is ran.
Type: string
Default: "writefreely"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/writefreely.nix>
|
services.x2goserver.enableEnables the x2goserver module.
NOTE: This will create a good amount of symlinks in /usr/local/bin
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/x2goserver.nix>
|
services.x2goserver.nxagentDefaultOptionsList of default nx agent options.
Type: list of string
Default:
[ "-extension GLX" "-nolisten tcp" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/x2goserver.nix>
|
services.x2goserver.settingsx2goserver.conf ini configuration as nix attributes. See
x2goserver.conf(5) for details
Type: attribute set of (attribute set)
Default: { }
Example:
{
superenicer = {
"enable" = "yes";
"idle-nice-level" = 19;
};
telekinesis = { "enable" = "no"; };
}
Declared by:
<nixpkgs/nixos/modules/services/networking/x2goserver.nix>
|
services.x2goserver.superenicer.enableEnables the SupeReNicer code in x2gocleansessions, this will renice suspended sessions to nice level 19 and renice them to level 0 if the session becomes marked as running again
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/x2goserver.nix>
|
services.xandikos.enableWhether to enable Xandikos CalDAV and CardDAV server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
|
services.xandikos.packageThe Xandikos package to use.
Type: package
Default: pkgs.xandikos
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
|
services.xandikos.addressThe IP address on which Xandikos will listen. By default listens on localhost.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
|
services.xandikos.extraOptionsExtra command line arguments to pass to xandikos.
Type: list of string
Default: [ ]
Example:
[ "--autocreate" "--defaults" "--current-user-principal user" "--dump-dav-xml" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
|
services.xandikos.nginxConfiguration for nginx reverse proxy.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
|
services.xandikos.nginx.enableConfigure the nginx reverse proxy settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
|
services.xandikos.nginx.hostNameThe hostname use to setup the virtualhost configuration
Type: string
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
|
services.xandikos.portThe port of the Xandikos web application
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
|
services.xandikos.routePrefixPath to Xandikos. Useful when Xandikos is behind a reverse proxy.
Type: string
Default: "/"
Declared by:
<nixpkgs/nixos/modules/services/networking/xandikos.nix>
|
services.xbanish.enableWhether to enable xbanish.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/xbanish.nix>
|
services.xbanish.argumentsArguments to pass to xbanish command
Type: string
Default: ""
Example: "-d -i shift"
Declared by:
<nixpkgs/nixos/modules/services/x11/xbanish.nix>
|
services.xe-guest-utilities.enableWhether to enable the Xen guest utilities daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/xe-guest-utilities.nix>
|
services.xfs.enableWhether to enable the X Font Server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/xfs.nix>
|
services.xinetd.enableWhether to enable the xinetd super-server daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.extraDefaultsAdditional configuration lines added to the default section of xinetd's configuration.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.servicesA list of services provided by xinetd.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.extraConfigExtra configuration-lines added to the section of the service.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.flags
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.nameName of the service.
Type: string
Example: "login"
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.portPort number of the service.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 0
Example: 123
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.protocolProtocol of the service. Usually tcp or udp.
Type: string
Default: "tcp"
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.serverPath of the program that implements the service.
Type: string
Example: "/foo/bin/ftpd"
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.serverArgsCommand-line arguments for the server program.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.unlistedWhether this server is listed in
/etc/services. If so, the port
number can be omitted.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xinetd.services.*.userUser account for the service
Type: string
Default: "nobody"
Declared by:
<nixpkgs/nixos/modules/services/networking/xinetd.nix>
|
services.xl2tpd.enableWhether to enable xl2tpd, the Layer 2 Tunnelling Protocol Daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/xl2tpd.nix>
|
services.xl2tpd.clientIpRangeThe range from which client IPs are drawn.
Type: string
Default: "10.125.125.2-11"
Declared by:
<nixpkgs/nixos/modules/services/networking/xl2tpd.nix>
|
services.xl2tpd.extraPppdOptionsAdds extra lines to the pppd options file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' ms-dns 8.8.8.8 ms-dns 8.8.4.4 ''
Declared by:
<nixpkgs/nixos/modules/services/networking/xl2tpd.nix>
|
services.xl2tpd.extraXl2tpOptionsAdds extra lines to the xl2tpd configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/xl2tpd.nix>
|
services.xl2tpd.serverIpThe server-side IP address.
Type: string
Default: "10.125.125.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/xl2tpd.nix>
|
services.xmr-stak.enableWhether to enable xmr-stak miner.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/xmr-stak.nix>
|
services.xmr-stak.configFilesContent of config files like config.txt, pools.txt or cpu.txt.
Type: attribute set of string
Default: { }
Example:
{
"config.txt" = ''
"verbose_level" : 4,
"h_print_time" : 60,
"tls_secure_algo" : true,
'';
"pools.txt" = ''
"currency" : "monero7",
"pool_list" :
[ { "pool_address" : "pool.supportxmr.com:443",
"wallet_address" : "my-wallet-address",
"rig_id" : "",
"pool_password" : "nixos",
"use_nicehash" : false,
"use_tls" : true,
"tls_fingerprint" : "",
"pool_weight" : 23
},
],
'';
}
Declared by:
<nixpkgs/nixos/modules/services/misc/xmr-stak.nix>
|
services.xmr-stak.cudaSupportWhether to enable support for CUDA (NVidia graphics cards).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/xmr-stak.nix>
|
services.xmr-stak.extraArgsList of parameters to pass to xmr-stak.
Type: list of string
Default: [ ]
Example:
[ "--noCPU" "--currency monero" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/xmr-stak.nix>
|
services.xmr-stak.openclSupportWhether to enable support for OpenCL (AMD/ATI graphics cards).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/xmr-stak.nix>
|
services.xmrig.enableWhether to enable XMRig Mining Software.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/xmrig.nix>
|
services.xmrig.packageXMRig package to use.
Type: package
Default: pkgs.xmrig
Example: pkgs.xmrig-mo
Declared by:
<nixpkgs/nixos/modules/services/misc/xmrig.nix>
|
services.xmrig.settingsXMRig configuration. Refer to https://xmrig.com/docs/miner/config for details on supported values.
Type: JSON value
Default: { }
Example:
{
autosave = true;
cpu = true;
opencl = false;
cuda = false;
pools = [
{
url = "pool.supportxmr.com:443";
user = "your-wallet";
keepalive = true;
tls = true;
}
]
}
Declared by:
<nixpkgs/nixos/modules/services/misc/xmrig.nix>
|
services.xray.enableWhether to run xray server.
Either settingsFile or settings must be specified.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/xray.nix>
|
services.xray.packageWhich xray package to use.
Type: package
Default: pkgs.xray
Declared by:
<nixpkgs/nixos/modules/services/networking/xray.nix>
|
services.xray.settingsThe configuration object.
Either settingsFile or settings must be specified.
See https://www.v2fly.org/en_US/config/overview.html.
Type: null or (attribute set of unspecified value)
Default: null
Example:
{
inbounds = [
{
listen = "127.0.0.1";
port = 1080;
protocol = "http";
}
];
outbounds = [
{
protocol = "freedom";
}
];
}Declared by:
<nixpkgs/nixos/modules/services/networking/xray.nix>
|
services.xray.settingsFileThe absolute path to the configuration file.
Either settingsFile or settings must be specified.
See https://www.v2fly.org/en_US/config/overview.html.
Type: null or path
Default: null
Example: "/etc/xray/config.json"
Declared by:
<nixpkgs/nixos/modules/services/networking/xray.nix>
|
services.xrdp.enableWhether to enable xrdp, the Remote Desktop Protocol server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
|
services.xrdp.packageThe package to use for the xrdp daemon's binary.
Type: package
Default: pkgs.xrdp
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
|
services.xrdp.confDirThe location of the config files for xrdp.
Type: path
Default: generated from configuration
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
|
services.xrdp.defaultWindowManagerThe script to run when user log in, usually a window manager, e.g. "icewm", "xfce4-session" This is per-user overridable, if file ~/startwm.sh exists it will be used instead.
Type: string
Default: "xterm"
Example: "xfce4-session"
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
|
services.xrdp.openFirewallWhether to open the firewall for the specified RDP port.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
|
services.xrdp.portSpecifies on which port the xrdp daemon listens.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3389
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
|
services.xrdp.sslCertssl certificate path A self-signed certificate will be generated if file not exists.
Type: string
Default: "/etc/xrdp/cert.pem"
Example: "/path/to/your/cert.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
|
services.xrdp.sslKeyssl private key path A self-signed certificate will be generated if file not exists.
Type: string
Default: "/etc/xrdp/key.pem"
Example: "/path/to/your/key.pem"
Declared by:
<nixpkgs/nixos/modules/services/networking/xrdp.nix>
|
services.xserver.enableWhether to enable the X server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.enableCtrlAltBackspaceWhether to enable the DontZap option, which binds Ctrl+Alt+Backspace to forcefully kill X. This can lead to data loss and is disabled by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.enableTCPWhether to allow the X server to accept TCP connections.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.autoRepeatDelaySets the autorepeat delay (length of time in milliseconds that a key must be depressed before autorepeat starts).
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.autoRepeatIntervalSets the autorepeat interval (length of time in milliseconds that should elapse between autorepeat-generated keystrokes).
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.autorunWhether to start the X server automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.cmt.enableEnable chrome multitouch input (cmt). Touchpad drivers that are configured for chromebooks.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/cmt.nix>
|
services.xserver.cmt.modelsWhich models to enable cmt for. Enter the Code Name for your Chromebook. Code Name can be found at https://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices.
Type: one of "atlas", "banjo", "candy", "caroline", "cave", "celes", "clapper", "cyan", "daisy", "elan", "elm", "enguarde", "eve", "expresso", "falco", "gandof", "glimmer", "gnawty", "heli", "kevin", "kip", "leon", "lulu", "orco", "pbody", "peppy", "pi", "pit", "puppy", "quawks", "rambi", "samus", "snappy", "spring", "squawks", "swanky", "winky", "wolf", "auron_paine", "auron_yuna", "daisy_skate", "nyan_big", "nyan_blaze", "veyron_jaq", "veyron_jerry", "veyron_mighty", "veyron_minnie", "veyron_speedy"
Example: "banjo"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/cmt.nix>
|
services.xserver.configThe contents of the configuration file of the X server
(xorg.conf).
This option is set by multiple modules, and the configs are concatenated together.
In Xorg configs the last config entries take precedence,
so you may want to use lib.mkAfter on this option
to override NixOS's defaults.
Type: strings concatenated with "\n"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.defaultDepthDefault colour depth.
Type: signed integer
Default: 0
Example: 8
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.desktopManager.cde.enableWhether to enable Common Desktop Environment.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cde.nix>
|
services.xserver.desktopManager.cde.extraPackagesExtra packages to be installed system wide.
Type: list of package
Default:
with pkgs.xorg; [ xclock bitmap xlsfonts xfd xrefresh xload xwininfo xdpyinfo xwd xwud ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cde.nix>
|
services.xserver.desktopManager.cinnamon.enableWhether to enable the cinnamon desktop manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix>
|
services.xserver.desktopManager.cinnamon.extraGSettingsOverridePackagesList of packages for which gsettings are overridden.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix>
|
services.xserver.desktopManager.cinnamon.extraGSettingsOverridesAdditional gsettings overrides.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix>
|
services.xserver.desktopManager.cinnamon.sessionPathAdditional list of packages to be added to the session search path. Useful for GSettings-conditional autostart.
Note that this should be a last resort; patching the package is preferred (see GPaste).
Type: list of package
Default: [ ]
Example: [ pkgs.gnome.gpaste ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/cinnamon.nix>
|
services.xserver.desktopManager.defaultDeprecated, please use services.xserver.displayManager.defaultSession instead.
Default desktop manager loaded if none have been chosen.
Type: null or string
Default: null
Example: "none"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/default.nix>
|
services.xserver.desktopManager.enlightenment.enableEnable the Enlightenment desktop environment.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/enlightenment.nix>
|
services.xserver.desktopManager.gnome.enableEnable GNOME desktop manager.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
services.xserver.desktopManager.gnome.debugWhether to enable gnome-session debug messages.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
services.xserver.desktopManager.gnome.extraGSettingsOverridePackagesList of packages for which gsettings are overridden.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
services.xserver.desktopManager.gnome.extraGSettingsOverridesAdditional gsettings overrides.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
services.xserver.desktopManager.gnome.flashback.enableMetacityWhether to enable the standard GNOME Flashback session with Metacity.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
services.xserver.desktopManager.gnome.flashback.customSessionsOther GNOME Flashback sessions to enable.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
services.xserver.desktopManager.gnome.flashback.customSessions.*.enableGnomePanelWhether to enable the GNOME panel in this session.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
services.xserver.desktopManager.gnome.flashback.customSessions.*.wmCommandThe executable of the window manager to use.
Type: string
Example: "${pkgs.haskellPackages.xmonad}/bin/xmonad"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
services.xserver.desktopManager.gnome.flashback.customSessions.*.wmLabelThe name of the window manager to show in the session chooser.
Type: string
Example: "XMonad"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
services.xserver.desktopManager.gnome.flashback.customSessions.*.wmNameA unique identifier for the window manager.
Type: string matching the pattern [a-zA-Z0-9_-]+
Example: "xmonad"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
services.xserver.desktopManager.gnome.flashback.panelModulePackagesPackages containing modules that should be made available to gnome-panel (usually for applets).
If you're packaging something to use here, please install the modules in $out/lib/gnome-panel/modules.
Type: list of path
Default: [ pkgs.gnome.gnome-applets ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
services.xserver.desktopManager.gnome.sessionPathAdditional list of packages to be added to the session search path. Useful for GNOME Shell extensions or GSettings-conditional autostart.
Note that this should be a last resort; patching the package is preferred (see GPaste).
Type: list of package
Default: [ ]
Example: [ pkgs.gnome.gpaste ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/gnome.nix>
|
services.xserver.desktopManager.kodi.enableEnable the kodi multimedia center.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix>
|
services.xserver.desktopManager.kodi.packagePackage that should be used for Kodi.
Type: package
Default: pkgs.kodi
Example: pkgs.kodi.withPackages (p: with p; [ jellyfin pvr-iptvsimple vfs-sftp ])
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/kodi.nix>
|
services.xserver.desktopManager.lumina.enableEnable the Lumina desktop manager
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/lumina.nix>
|
services.xserver.desktopManager.lxqt.enableEnable the LXQt desktop manager
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/lxqt.nix>
|
services.xserver.desktopManager.mate.enableEnable the MATE desktop environment
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix>
|
services.xserver.desktopManager.mate.debugWhether to enable mate-session debug messages.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/mate.nix>
|
services.xserver.desktopManager.pantheon.enableEnable the pantheon desktop manager
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
|
services.xserver.desktopManager.pantheon.debugWhether to enable gnome-session debug messages.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
|
services.xserver.desktopManager.pantheon.extraGSettingsOverridePackagesList of packages for which gsettings are overridden.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
|
services.xserver.desktopManager.pantheon.extraGSettingsOverridesAdditional gsettings overrides.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
|
services.xserver.desktopManager.pantheon.extraSwitchboardPlugsPlugs to add to Switchboard.
Type: null or (list of package)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
|
services.xserver.desktopManager.pantheon.extraWingpanelIndicatorsIndicators to add to Wingpanel.
Type: null or (list of package)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
|
services.xserver.desktopManager.pantheon.sessionPathAdditional list of packages to be added to the session search path. Useful for GSettings-conditional autostart.
Note that this should be a last resort; patching the package is preferred (see GPaste).
Type: list of package
Default: [ ]
Example: [ pkgs.gnome.gpaste ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/pantheon.nix>
|
services.xserver.desktopManager.phosh.enableEnable the Phone Shell.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/phosh.nix>
|
services.xserver.desktopManager.phosh.packagePackage that should be used for Phosh.
Type: package
Default: pkgs.phosh
Example: pkgs.phosh
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/phosh.nix>
|
services.xserver.desktopManager.phosh.groupThe group to run the Phosh service.
Type: string
Example: "users"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/phosh.nix>
|
services.xserver.desktopManager.phosh.phocConfigConfigurations for the Phoc compositor.
Type: strings concatenated with "\n" or path or (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/phosh.nix>
|
services.xserver.desktopManager.phosh.userThe user to run the Phosh service.
Type: string
Example: "alice"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/phosh.nix>
|
services.xserver.desktopManager.plasma5.enableEnable the Plasma 5 (KDE 5) desktop environment.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
|
services.xserver.desktopManager.plasma5.bigscreen.enableEnable support for running the Plasma Bigscreen session.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
|
services.xserver.desktopManager.plasma5.excludePackagesList of default packages to exclude from the configuration
Type: list of package
Default: [ ]
Example: [ pkgs.plasma5Packages.oxygen ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
|
services.xserver.desktopManager.plasma5.mobile.enableEnable support for running the Plasma Mobile shell.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
|
services.xserver.desktopManager.plasma5.mobile.installRecommendedSoftwareInstalls software recommended for use with Plasma Mobile, but which is not strictly required for Plasma Mobile to run.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
|
services.xserver.desktopManager.plasma5.phononBackendPhonon audio backend to install.
Type: one of "gstreamer", "vlc"
Default: "gstreamer"
Example: "vlc"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
|
services.xserver.desktopManager.plasma5.runUsingSystemdUse systemd to manage the Plasma session
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
|
services.xserver.desktopManager.plasma5.supportDDCSupport setting monitor brightness via DDC.
This is not needed for controlling brightness of the internal monitor of a laptop and as it is considered experimental by upstream, it is disabled by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
|
services.xserver.desktopManager.plasma5.useQtScalingEnable HiDPI scaling in Qt.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/plasma5.nix>
|
services.xserver.desktopManager.retroarch.enableWhether to enable RetroArch.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/retroarch.nix>
|
services.xserver.desktopManager.retroarch.packageRetroArch package to use.
Type: package
Default: pkgs.retroarch
Example: pkgs.retroarch-full
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/retroarch.nix>
|
services.xserver.desktopManager.retroarch.extraArgsExtra arguments to pass to RetroArch.
Type: list of string
Default: [ ]
Example:
[ "--verbose" "--host" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/retroarch.nix>
|
services.xserver.desktopManager.runXdgAutostartIfNoneWhether to run XDG autostart files for sessions without a desktop manager (with only a window manager), these sessions usually don't handle XDG autostart files by default.
Some services like i18n.inputMethod and
service.earlyoom use XDG autostart files to start.
If this option is not set to true and you are using
a window manager without a desktop manager, you need to manually start
them or running dex somewhere.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/none.nix>
|
services.xserver.desktopManager.surf-display.enableWhether to enable surf-display as a kiosk browser session.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix>
|
services.xserver.desktopManager.surf-display.defaultWwwUriDefault URI to display.
Type: string
Default: "${pkgs.surf-display}/share/surf-display/empty-page.html"
Example: "https://www.example.com/"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix>
|
services.xserver.desktopManager.surf-display.extraConfigExtra configuration options to append to /etc/default/surf-display.
Type: strings concatenated with "\n"
Default: ""
Example:
'' # Enforce fixed resolution for all displays (default: not set): DEFAULT_RESOLUTION="1920x1080" # HTTP proxy URL, if needed (default: not set). HTTP_PROXY_URL="http://webcache:3128" # Configure individual display screens with host specific parameters: DISPLAYS['display-host-0']="www_uri=https://www.displayserver.comany.net/display-1/index.html" DISPLAYS['display-host-1']="www_uri=https://www.displayserver.comany.net/display-2/index.html" DISPLAYS['display-host-2']="www_uri=https://www.displayserver.comany.net/display-3/index.html|res=1920x1280" DISPLAYS['display-host-3']="www_uri=https://www.displayserver.comany.net/display-4/index.html"|res=1280x1024" DISPLAYS['display-host-local-file']="www_uri=file:///usr/share/doc/surf-display/empty-page.html" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix>
|
services.xserver.desktopManager.surf-display.hideIdlePointerHide idle mouse pointer.
Type: string
Default: "yes"
Example: "no"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix>
|
services.xserver.desktopManager.surf-display.inactivityIntervalSetting for internal inactivity timer to restart surf-display if the user goes inactive/idle to get a fresh session for the next user of the kiosk.
If this value is set to zero, the whole feature of restarting due to inactivity is disabled.
Type: signed integer
Default: 300
Example: 0
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix>
|
services.xserver.desktopManager.surf-display.pointerButtonMapDisable right and middle pointer device click in browser sessions
while keeping scrolling wheels' functionality intact. See pointer
subcommand on man xmodmap for details.
Type: string
Default: "1 0 0 4 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix>
|
services.xserver.desktopManager.surf-display.screensaverSettingsScreensaver settings, see man 1 xset for possible options.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/surf-display.nix>
|
services.xserver.desktopManager.wallpaper.combineScreensWhen set to true the wallpaper will stretch across all screens.
When set to false the wallpaper is duplicated to all screens.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/default.nix>
|
services.xserver.desktopManager.wallpaper.modeThe file ~/.background-image is used as a background image.
This option specifies the placement of this image onto your desktop.
Possible values:
center: Center the image on the background. If it is too small, it will be surrounded by a black border.
fill: Like scale, but preserves aspect ratio by zooming the image until it fits. Either a horizontal or a vertical part of the image will be cut off.
max: Like fill, but scale the image to the maximum size that fits the screen with black borders on one side.
scale: Fit the file into the background without repeating it, cutting off stuff or using borders. But the aspect ratio is not preserved either.
tile: Tile (repeat) the image in case it is too small for the screen.
Type: one of "center", "fill", "max", "scale", "tile"
Default: "scale"
Example: "fill"
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/default.nix>
|
services.xserver.desktopManager.xfce.enableEnable the Xfce desktop environment.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix>
|
services.xserver.desktopManager.xfce.enableScreensaverEnable the XFCE screensaver.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix>
|
services.xserver.desktopManager.xfce.enableXfwmEnable the XFWM (default) window manager.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix>
|
services.xserver.desktopManager.xfce.noDesktopDon't install XFCE desktop components (xfdesktop and panel).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xfce.nix>
|
services.xserver.desktopManager.xterm.enableEnable a xterm terminal as a desktop manager.
Type: boolean
Default: versionOlder config.system.stateVersion "19.09" && config.services.xserver.enable;
Declared by:
<nixpkgs/nixos/modules/services/x11/desktop-managers/xterm.nix>
|
services.xserver.deviceSectionContents of the first Device section of the X server configuration file.
Type: strings concatenated with "\n"
Default: ""
Example: "VideoRAM 131072"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.digimend.enableWhether to enable the digimend drivers for Huion/XP-Pen/etc. tablets.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/digimend.nix>
|
services.xserver.displayDisplay number for the X server.
Type: null or signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.displayManager.autoLoginAuto login configuration attrset.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.autoLogin.enableAutomatically log in as autoLogin.user.
Type: boolean
Default: config.services.xserver.displayManager.autoLogin.user != null
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.autoLogin.userUser to be used for the automatic login.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.defaultSessionGraphical session to pre-select in the session chooser (only effective for GDM, LightDM and SDDM).
On GDM, LightDM and SDDM, it will also be used as a session for auto-login.
Type: session name
Default: Taken from display manager settings or window manager settings, if either is set.
Example: "gnome"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.gdm.enableWhether to enable GDM, the GNOME Display Manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
|
services.xserver.displayManager.gdm.autoLogin.delaySeconds of inactivity after which the autologin will be performed.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
|
services.xserver.displayManager.gdm.autoSuspendOn the GNOME Display Manager login screen, suspend the machine after inactivity. (Does not affect automatic suspend while logged in, or at lock screen.)
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
|
services.xserver.displayManager.gdm.debugWhether to enable debugging messages in GDM.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
|
services.xserver.displayManager.gdm.settingsOptions passed to the gdm daemon. See here for supported options.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Example:
{
debug = {
enable = true;
};
}Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
|
services.xserver.displayManager.gdm.waylandAllow GDM to run on Wayland instead of Xserver.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/gdm.nix>
|
services.xserver.displayManager.hiddenUsersA list of users which will not be shown in the display manager.
Type: list of string
Default:
[ "nobody" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.job.environmentAdditional environment variables needed by the display manager.
Type: attribute set of unspecified value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.job.execCmdCommand to start the display manager.
Type: string
Example: "${pkgs.lightdm}/bin/lightdm"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.job.logToFileWhether the display manager redirects the output of the
session script to ~/.xsession-errors.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.job.logToJournalWhether the display manager redirects the output of the session script to the systemd journal.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.job.preStartScript executed before the display manager is started.
Type: strings concatenated with "\n"
Default: ""
Example: "rm -f /var/log/my-display-manager.log"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.lightdm.enableWhether to enable lightdm as the display manager.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.autoLogin.timeoutShow the greeter for this many seconds before automatic login occurs.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.backgroundThe background image or color to use.
Type: path or string matching the pattern ^#[0-9]{6}$
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.extraConfigExtra lines to append to LightDM section.
Type: strings concatenated with "\n"
Default: ""
Example:
'' user-authority-in-system-dir = true ''
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.extraSeatDefaultsExtra lines to append to SeatDefaults section.
Type: strings concatenated with "\n"
Default: ""
Example:
'' greeter-show-manual-login=true ''
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.greeter.enableIf set to false, run lightdm in greeterless mode. This only works if autologin is enabled and autoLogin.timeout is zero.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.greeter.packageThe LightDM greeter to login via. The package should be a directory containing a .desktop file matching the name in the 'name' option.
Type: package
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.greeter.nameThe name of a .desktop file in the directory specified in the 'package' option.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm.nix>
|
services.xserver.displayManager.lightdm.greeters.enso.enableWhether to enable enso-os-greeter as the lightdm greeter
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
|
services.xserver.displayManager.lightdm.greeters.enso.blurWhether or not to enable blur
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
|
services.xserver.displayManager.lightdm.greeters.enso.brightnessBrightness
Type: signed integer
Default: 7
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
|
services.xserver.displayManager.lightdm.greeters.enso.cursorTheme.packageThe package path that contains the cursor theme given in the name option.
Type: package
Default: pkgs.capitaine-cursors
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
|
services.xserver.displayManager.lightdm.greeters.enso.cursorTheme.nameName of the cursor theme to use for the lightdm-enso-os-greeter
Type: string
Default: "capitane-cursors"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
|
services.xserver.displayManager.lightdm.greeters.enso.extraConfigExtra configuration that should be put in the greeter.conf configuration file
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
|
services.xserver.displayManager.lightdm.greeters.enso.iconTheme.packageThe package path that contains the icon theme given in the name option.
Type: package
Default: pkgs.papirus-icon-theme
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
|
services.xserver.displayManager.lightdm.greeters.enso.iconTheme.nameName of the icon theme to use for the lightdm-enso-os-greeter
Type: string
Default: "ePapirus"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
|
services.xserver.displayManager.lightdm.greeters.enso.theme.packageThe package path that contains the theme given in the name option.
Type: package
Default: pkgs.gnome.gnome-themes-extra
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
|
services.xserver.displayManager.lightdm.greeters.enso.theme.nameName of the theme to use for the lightdm-enso-os-greeter
Type: string
Default: "Adwaita"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/enso-os.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.enableWhether to enable lightdm-gtk-greeter as the lightdm greeter.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.clock-formatClock format string (as expected by strftime, e.g. "%H:%M") to use with the lightdm gtk greeter panel.
If set to null the default clock format is used.
Type: null or string
Default: null
Example: "%F"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.cursorTheme.packageThe package path that contains the cursor theme given in the name option.
Type: package
Default: pkgs.gnome.adwaita-icon-theme
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.cursorTheme.nameName of the cursor theme to use for the lightdm-gtk-greeter.
Type: string
Default: "Adwaita"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.cursorTheme.sizeSize of the cursor theme to use for the lightdm-gtk-greeter.
Type: signed integer
Default: 16
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.extraConfigExtra configuration that should be put in the lightdm-gtk-greeter.conf configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.iconTheme.packageThe package path that contains the icon theme given in the name option.
Type: package
Default: pkgs.gnome.adwaita-icon-theme
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.iconTheme.nameName of the icon theme to use for the lightdm-gtk-greeter.
Type: string
Default: "Adwaita"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.indicatorsList of allowed indicator modules to use for the lightdm gtk greeter panel.
Built-in indicators include "~a11y", "~language", "~session", "~power", "~clock", "~host", "~spacer". Unity indicators can be represented by short name (e.g. "sound", "power"), service file name, or absolute path.
If set to null the default indicators are used.
Type: null or (list of string)
Default: null
Example:
[ "~host" "~spacer" "~clock" "~spacer" "~session" "~language" "~a11y" "~power" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.theme.packageThe package path that contains the theme given in the name option.
Type: package
Default: pkgs.gnome.gnome-themes-extra
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.gtk.theme.nameName of the theme to use for the lightdm-gtk-greeter.
Type: string
Default: "Adwaita"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/gtk.nix>
|
services.xserver.displayManager.lightdm.greeters.mini.enableWhether to enable lightdm-mini-greeter as the lightdm greeter.
Note that this greeter starts only the default X session.
You can configure the default X session using
services.xserver.displayManager.defaultSession.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix>
|
services.xserver.displayManager.lightdm.greeters.mini.extraConfigExtra configuration that should be put in the lightdm-mini-greeter.conf configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix>
|
services.xserver.displayManager.lightdm.greeters.mini.userThe user to login as.
Type: string
Default: "root"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix>
|
services.xserver.displayManager.lightdm.greeters.mobile.enableWhether to enable lightdm-mobile-greeter as the lightdm greeter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/mobile.nix>
|
services.xserver.displayManager.lightdm.greeters.pantheon.enableWhether to enable elementary-greeter as the lightdm greeter.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/pantheon.nix>
|
services.xserver.displayManager.lightdm.greeters.slick.enableWhether to enable lightdm-slick-greeter as the lightdm greeter.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix>
|
services.xserver.displayManager.lightdm.greeters.slick.cursorTheme.packageThe package path that contains the cursor theme given in the name option.
Type: package
Default: pkgs.gnome.adwaita-icon-theme
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix>
|
services.xserver.displayManager.lightdm.greeters.slick.cursorTheme.nameName of the cursor theme to use for the lightdm-slick-greeter.
Type: string
Default: "Adwaita"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix>
|
services.xserver.displayManager.lightdm.greeters.slick.cursorTheme.sizeSize of the cursor theme to use for the lightdm-slick-greeter.
Type: signed integer
Default: 24
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix>
|
services.xserver.displayManager.lightdm.greeters.slick.draw-user-backgroundsWhether to enable draw user backgrounds.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix>
|
services.xserver.displayManager.lightdm.greeters.slick.extraConfigExtra configuration that should be put in the lightdm-slick-greeter.conf configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix>
|
services.xserver.displayManager.lightdm.greeters.slick.font.packageThe package path that contains the font given in the name option.
Type: package
Default: pkgs.ubuntu_font_family
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix>
|
services.xserver.displayManager.lightdm.greeters.slick.font.nameName of the font to use.
Type: string
Default: "Ubuntu 11"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix>
|
services.xserver.displayManager.lightdm.greeters.slick.iconTheme.packageThe package path that contains the icon theme given in the name option.
Type: package
Default: pkgs.gnome.adwaita-icon-theme
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix>
|
services.xserver.displayManager.lightdm.greeters.slick.iconTheme.nameName of the icon theme to use for the lightdm-slick-greeter.
Type: string
Default: "Adwaita"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix>
|
services.xserver.displayManager.lightdm.greeters.slick.theme.packageThe package path that contains the theme given in the name option.
Type: package
Default: pkgs.gnome.gnome-themes-extra
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix>
|
services.xserver.displayManager.lightdm.greeters.slick.theme.nameName of the theme to use for the lightdm-slick-greeter.
Type: string
Default: "Adwaita"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/slick.nix>
|
services.xserver.displayManager.lightdm.greeters.tiny.enableWhether to enable lightdm-tiny-greeter as the lightdm greeter.
Note that this greeter starts only the default X session.
You can configure the default X session using
services.xserver.displayManager.defaultSession.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix>
|
services.xserver.displayManager.lightdm.greeters.tiny.extraConfigSection to describe style and ui.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix>
|
services.xserver.displayManager.lightdm.greeters.tiny.label.passThe string to represent the pass_text label.
Type: string
Default: "Password"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix>
|
services.xserver.displayManager.lightdm.greeters.tiny.label.userThe string to represent the user_text label.
Type: string
Default: "Username"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix>
|
services.xserver.displayManager.sddm.enableWhether to enable sddm as the display manager.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.enableHidpiWhether to enable automatic HiDPI mode.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.autoLogin.minimumUidMinimum user ID for auto-login user.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.autoLogin.reloginIf true automatic login will kick in again on session exit (logout), otherwise it will only log in automatically when the display-manager is started.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.autoNumlockEnable numlock at login.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.settingsExtra settings merged in and overwriting defaults in sddm.conf.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Example:
{
Autologin = {
Session = "plasma.desktop";
User = "john";
};
}Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.setupScriptA script to execute when starting the display server. DEPRECATED, please
use services.xserver.displayManager.setupCommands.
Type: string
Default: ""
Example:
'' # workaround for using NVIDIA Optimus without Bumblebee xrandr --setprovideroutputsource modesetting NVIDIA-0 xrandr --auto ''
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.stopScriptA script to execute when stopping the display server.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sddm.themeGreeter theme to use.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sddm.nix>
|
services.xserver.displayManager.sessionList of sessions supported with the command used to start each
session. Each session script can set the
waitPID shell variable to make this script
wait until the end of the user session. Each script is used
to define either a window manager or a desktop manager. These
can be differentiated by setting the attribute
manage either to "window"
or "desktop".
The list of desktop manager and window manager should appear inside the display manager with the desktop manager name followed by the window manager name.
Type: list of (attribute set)
Default: [ ]
Example:
[ { manage = "desktop";
name = "xterm";
start = ''
${pkgs.xterm}/bin/xterm -ls &
waitPID=$!
'';
}
]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.sessionCommandsShell commands executed just before the window or desktop manager is started. These commands are not currently sourced for Wayland sessions.
Type: strings concatenated with "\n"
Default: ""
Example:
'' xmessage "Hello World!" & ''
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.sessionPackagesA list of packages containing x11 or wayland session files to be passed to the display manager.
Type: list of package with provided sessions
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.setupCommandsShell commands executed just after the X server has started.
This option is only effective for display managers for which this feature is supported; currently these are LightDM, GDM and SDDM.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.startx.enableWhether to enable the dummy "startx" pseudo-display manager, which allows users to start X manually via the "startx" command from a vt shell. The X server runs under the user's id, not as root. The user must provide a ~/.xinitrc file containing session startup commands, see startx(1). This is not automatically generated from the desktopManager and windowManager settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/startx.nix>
|
services.xserver.displayManager.sx.enableWhether to enable the "sx" pseudo-display manager, which allows users to start manually via the "sx" command from a vt shell. The X server runs under the user's id, not as root. The user must provide a ~/.config/sx/sxrc file containing session startup commands, see sx(1). This is not automatically generated from the desktopManager and windowManager settings. sx doesn't have a way to directly set X server flags, but it can be done by overriding its xorgserver dependency.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/sx.nix>
|
services.xserver.displayManager.xpra.enableWhether to enable xpra as display manager.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix>
|
services.xserver.displayManager.xpra.authAuthentication to use when connecting to xpra
Type: string
Default: "pam"
Example: "password:value=mysecret"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix>
|
services.xserver.displayManager.xpra.bindTcpBind xpra to TCP
Type: null or string
Default: "127.0.0.1:10000"
Example: "0.0.0.0:10000"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix>
|
services.xserver.displayManager.xpra.desktopStart a desktop environment instead of seamless mode
Type: null or string
Default: null
Example: "gnome-shell"
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix>
|
services.xserver.displayManager.xpra.extraOptionsExtra xpra options
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix>
|
services.xserver.displayManager.xpra.pulseaudioWhether to enable pulseaudio audio streaming.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/xpra.nix>
|
services.xserver.displayManager.xserverArgsList of arguments for the X server.
Type: list of string
Default: [ ]
Example:
[ "-ac" "-logverbose" "-verbose" "-nolisten tcp" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.displayManager.xserverBinPath to the X server used by display managers.
Type: path
Declared by:
<nixpkgs/nixos/modules/services/x11/display-managers/default.nix>
|
services.xserver.dpiForce global DPI resolution to use for X server. It's recommended to
use this only when DPI is detected incorrectly; also consider using
Monitor section in configuration file instead.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.excludePackagesWhich X11 packages to exclude from the default environment
Type: list of package
Default: [ ]
Example: [ pkgs.xterm ]
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.exportConfigurationWhether to symlink the X server configuration under
/etc/X11/xorg.conf.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.extraConfigAdditional contents (sections) included in the X server configuration file
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.extraDisplaySettingsLines to be added to every Display subsection of the Screen section.
Type: strings concatenated with "\n"
Default: ""
Example: "Virtual 2048 2048"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.extraLayoutsExtra custom layouts that will be included in the xkb configuration. Information on how to create a new layout can be found here: https://www.x.org/releases/current/doc/xorg-docs/input/XKB-Enhancing.html#Defining_New_Layouts. For more examples see https://wiki.archlinux.org/index.php/X_KeyBoard_extension#Basic_examples
Type: attribute set of (submodule)
Default: { }
Example:
{
mine = {
description = "My custom xkb layout.";
languages = [ "eng" ];
symbolsFile = /path/to/my/layout;
};
}
Declared by:
<nixpkgs/nixos/modules/services/x11/extra-layouts.nix>
|
services.xserver.extraLayouts.<name>.compatFileThe path to the xkb compat file.
This file sets the compatibility state, used to preserve
compatibility with xkb-unaware programs.
It must contain a xkb_compat "name" { ... } block.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/extra-layouts.nix>
|
services.xserver.extraLayouts.<name>.descriptionA short description of the layout.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/x11/extra-layouts.nix>
|
services.xserver.extraLayouts.<name>.geometryFileThe path to the xkb geometry file.
This (completely optional) file describes the physical layout of
keyboard, which maybe be used by programs to depict it.
It must contain a xkb_geometry "name" { ... } block.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/extra-layouts.nix>
|
services.xserver.extraLayouts.<name>.keycodesFileThe path to the xkb keycodes file.
This file specifies the range and the interpretation of the raw
keycodes sent by the keyboard.
It must contain a xkb_keycodes "name" { ... } block.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/extra-layouts.nix>
|
services.xserver.extraLayouts.<name>.languagesA list of languages provided by the layout. (Use ISO 639-2 codes, for example: "eng" for english)
Type: list of string
Declared by:
<nixpkgs/nixos/modules/services/x11/extra-layouts.nix>
|
services.xserver.extraLayouts.<name>.symbolsFileThe path to the xkb symbols file.
This is the most important file: it defines which symbol or action
maps to each key and must contain a
xkb_symbols "name" { ... } block.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/extra-layouts.nix>
|
services.xserver.extraLayouts.<name>.typesFileThe path to the xkb types file.
This file specifies the key types that can be associated with
the various keyboard keys.
It must contain a xkb_types "name" { ... } block.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/extra-layouts.nix>
|
services.xserver.filesSectionContents of the first Files section of the X server configuration file.
Type: strings concatenated with "\n"
Default: ""
Example: "FontPath \"/path/to/my/fonts\""
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.fontPathSet the X server FontPath. Defaults to null, which means the compiled in defaults will be used. See man xorg.conf for details.
Type: null or string
Default: null
Example: "unix/:7100"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.gdk-pixbuf.modulePackagesPackages providing GDK-Pixbuf modules, for cache generation.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/gdk-pixbuf.nix>
|
services.xserver.imwheel.enableWhether to enable IMWheel service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/imwheel.nix>
|
services.xserver.imwheel.extraOptionsAdditional command-line arguments to pass to imwheel.
Type: list of string
Default:
[ "--buttons=45" ]
Example:
[ "--debug" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/imwheel.nix>
|
services.xserver.imwheel.rulesWindow class translation rules. /etc/X11/imwheelrc is generated based on this config which means this config is global for all users. See official man pages for more information.
Type: attribute set of string
Default: { }
Example:
{
".*" = ''
None, Up, Button4, 8
None, Down, Button5, 8
Shift_L, Up, Shift_L|Button4, 4
Shift_L, Down, Shift_L|Button5, 4
Control_L, Up, Control_L|Button4
Control_L, Down, Control_L|Button5
'';
}
Declared by:
<nixpkgs/nixos/modules/services/x11/imwheel.nix>
|
services.xserver.inputClassSectionsContent of additional InputClass sections of the X server configuration file.
Type: list of strings concatenated with "\n"
Default: [ ]
Example:
[ ''
Identifier "Trackpoint Wheel Emulation"
MatchProduct "ThinkPad USB Keyboard with TrackPoint"
Option "EmulateWheel" "true"
Option "EmulateWheelButton" "2"
Option "Emulate3Buttons" "false"
''
]
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.layoutKeyboard layout, or multiple keyboard layouts separated by commas.
Type: string
Default: "us"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.libinput.enableWhether to enable libinput.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.accelProfileSets the pointer acceleration profile to the given profile.
Permitted values are adaptive, flat.
Not all devices support this option or all profiles.
If a profile is unsupported, the default profile for this is used.
flat: Pointer motion is accelerated by a constant
(device-specific) factor, depending on the current speed.
adaptive: Pointer acceleration depends on the input speed.
This is the default profile for most devices.
Type: one of "flat", "adaptive"
Default: "adaptive"
Example: "flat"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.accelSpeedCursor acceleration (how fast speed increases from minSpeed to maxSpeed).
Type: null or string
Default: null
Example: "-0.5"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.additionalOptionsAdditional options for libinput mouse driver. See libinput(4) for available options.";
Type: strings concatenated with "\n"
Default: ""
Example:
'' Option "DragLockButtons" "L1 B1 L2 B2" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.buttonMappingSets the logical button mapping for this device, see XSetPointerMapping(3). The string must be a space-separated list of button mappings in the order of the logical buttons on the device, starting with button 1. The default mapping is "1 2 3 ... 32". A mapping of 0 deac‐ tivates the button. Multiple buttons can have the same mapping. Invalid mapping strings are discarded and the default mapping is used for all buttons. Buttons not specified in the user's mapping use the default mapping. See section BUTTON MAPPING for more details.
Type: null or string
Default: null
Example: "1 6 3 4 5 0 7"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.calibrationMatrixA string of 9 space-separated floating point numbers. Sets the calibration matrix to the 3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi).
Type: null or string
Default: null
Example: "0.5 0 0 0 0.8 0.1 0 0 1"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.clickMethodEnables a click method. Permitted values are none,
buttonareas, clickfinger.
Not all devices support all methods, if an option is unsupported,
the default click method for this device is used.
Type: null or one of "none", "buttonareas", "clickfinger"
Default: null
Example: "buttonareas"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.devPath for mouse device. Set to null to apply to any
auto-detected mouse.
Type: null or string
Default: null
Example: "/dev/input/event0"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.disableWhileTypingDisable input method while typing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.horizontalScrollingDisables horizontal scrolling. When disabled, this driver will discard any horizontal scroll events from libinput. Note that this does not disable horizontal scrolling, it merely discards the horizontal axis from any scroll events.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.leftHandedEnables left-handed button orientation, i.e. swapping left and right buttons.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.middleEmulationEnables middle button emulation. When enabled, pressing the left and right buttons simultaneously produces a middle mouse button click.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.naturalScrollingEnables or disables natural scrolling behavior.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.scrollButtonDesignates a button as scroll button. If the ScrollMethod is button and the button is logically held down, x/y axis movement is converted into scroll events.
Type: null or signed integer
Default: null
Example: 1
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.scrollMethodSpecify the scrolling method: twofinger, edge,
button, or none
Type: one of "twofinger", "edge", "button", "none"
Default: "twofinger"
Example: "edge"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.sendEventsModeSets the send events mode to disabled, enabled,
or disabled-on-external-mouse
Type: one of "disabled", "enabled", "disabled-on-external-mouse"
Default: "enabled"
Example: "disabled"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.tappingEnables or disables tap-to-click behavior.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.tappingButtonMapSet the button mapping for 1/2/3-finger taps to left/right/middle or left/middle/right, respectively.
Type: null or one of "lrm", "lmr"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.tappingDragLockEnables or disables drag lock during tapping behavior. When enabled, a finger up during tap- and-drag will not immediately release the button. If the finger is set down again within the timeout, the dragging process continues.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.mouse.transformationMatrixA string of 9 space-separated floating point numbers. Sets the transformation matrix to the 3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi).
Type: null or string
Default: null
Example: "0.5 0 0 0 0.8 0.1 0 0 1"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.accelProfileSets the pointer acceleration profile to the given profile.
Permitted values are adaptive, flat.
Not all devices support this option or all profiles.
If a profile is unsupported, the default profile for this is used.
flat: Pointer motion is accelerated by a constant
(device-specific) factor, depending on the current speed.
adaptive: Pointer acceleration depends on the input speed.
This is the default profile for most devices.
Type: one of "flat", "adaptive"
Default: "adaptive"
Example: "flat"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.accelSpeedCursor acceleration (how fast speed increases from minSpeed to maxSpeed).
Type: null or string
Default: null
Example: "-0.5"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.additionalOptionsAdditional options for libinput touchpad driver. See libinput(4) for available options.";
Type: strings concatenated with "\n"
Default: ""
Example:
'' Option "DragLockButtons" "L1 B1 L2 B2" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.buttonMappingSets the logical button mapping for this device, see XSetPointerMapping(3). The string must be a space-separated list of button mappings in the order of the logical buttons on the device, starting with button 1. The default mapping is "1 2 3 ... 32". A mapping of 0 deac‐ tivates the button. Multiple buttons can have the same mapping. Invalid mapping strings are discarded and the default mapping is used for all buttons. Buttons not specified in the user's mapping use the default mapping. See section BUTTON MAPPING for more details.
Type: null or string
Default: null
Example: "1 6 3 4 5 0 7"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.calibrationMatrixA string of 9 space-separated floating point numbers. Sets the calibration matrix to the 3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi).
Type: null or string
Default: null
Example: "0.5 0 0 0 0.8 0.1 0 0 1"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.clickMethodEnables a click method. Permitted values are none,
buttonareas, clickfinger.
Not all devices support all methods, if an option is unsupported,
the default click method for this device is used.
Type: null or one of "none", "buttonareas", "clickfinger"
Default: null
Example: "buttonareas"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.devPath for touchpad device. Set to null to apply to any
auto-detected touchpad.
Type: null or string
Default: null
Example: "/dev/input/event0"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.disableWhileTypingDisable input method while typing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.horizontalScrollingDisables horizontal scrolling. When disabled, this driver will discard any horizontal scroll events from libinput. Note that this does not disable horizontal scrolling, it merely discards the horizontal axis from any scroll events.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.leftHandedEnables left-handed button orientation, i.e. swapping left and right buttons.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.middleEmulationEnables middle button emulation. When enabled, pressing the left and right buttons simultaneously produces a middle mouse button click.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.naturalScrollingEnables or disables natural scrolling behavior.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.scrollButtonDesignates a button as scroll button. If the ScrollMethod is button and the button is logically held down, x/y axis movement is converted into scroll events.
Type: null or signed integer
Default: null
Example: 1
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.scrollMethodSpecify the scrolling method: twofinger, edge,
button, or none
Type: one of "twofinger", "edge", "button", "none"
Default: "twofinger"
Example: "edge"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.sendEventsModeSets the send events mode to disabled, enabled,
or disabled-on-external-mouse
Type: one of "disabled", "enabled", "disabled-on-external-mouse"
Default: "enabled"
Example: "disabled"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.tappingEnables or disables tap-to-click behavior.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.tappingButtonMapSet the button mapping for 1/2/3-finger taps to left/right/middle or left/middle/right, respectively.
Type: null or one of "lrm", "lmr"
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.tappingDragLockEnables or disables drag lock during tapping behavior. When enabled, a finger up during tap- and-drag will not immediately release the button. If the finger is set down again within the timeout, the dragging process continues.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.libinput.touchpad.transformationMatrixA string of 9 space-separated floating point numbers. Sets the transformation matrix to the 3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi).
Type: null or string
Default: null
Example: "0.5 0 0 0 0.8 0.1 0 0 1"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/libinput.nix>
|
services.xserver.logFileControls the file Xorg logs to.
The default of /dev/null is set so that systemd services (like displayManagers) only log to the journal and don't create their own log files.
Setting this to null will not pass the -logfile argument to Xorg which allows it to log to its default logfile locations instead (see man Xorg). You probably only want this behaviour when running Xorg manually (e.g. via startx).
Type: null or string
Default: "/dev/null"
Example: "/var/log/Xorg.0.log"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.moduleSectionContents of the Module section of the X server configuration file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' SubSection "extmod" EndSubsection ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.modulesPackages to be added to the module search path of the X server.
Type: list of path
Default: [ ]
Example: [ pkgs.xf86_input_wacom ]
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.monitorSectionContents of the first Monitor section of the X server configuration file.
Type: strings concatenated with "\n"
Default: ""
Example: "HorizSync 28-49"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.resolutionsThe screen resolutions for the X server. The first element is the default resolution. If this list is empty, the X server will automatically configure the resolution.
Type: list of (attribute set)
Default: [ ]
Example:
[
{
x = 1600;
y = 1200;
}
{
x = 1024;
y = 786;
}
]Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.screenSectionContents of the first Screen section of the X server configuration file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' Option "RandRRotation" "on" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.serverFlagsSectionContents of the ServerFlags section of the X server configuration file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' Option "BlankTime" "0" Option "StandbyTime" "0" Option "SuspendTime" "0" Option "OffTime" "0" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.serverLayoutSectionContents of the ServerLayout section of the X server configuration file.
Type: strings concatenated with "\n"
Default: ""
Example:
'' Option "AIGLX" "true" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.synaptics.enableWhether to enable touchpad support. Deprecated: Consider services.xserver.libinput.enable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.accelFactorCursor acceleration (how fast speed increases from minSpeed to maxSpeed).
Type: null or string
Default: "0.001"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.additionalOptionsAdditional options for synaptics touchpad driver.
Type: string
Default: ""
Example:
'' Option "RTCornerButton" "2" Option "RBCornerButton" "3" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.buttonsMapRemap touchpad buttons.
Type: list of signed integer
Default:
[ 1 2 3 ]
Example:
[ 1 3 2 ]
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.devPath for touchpad device. Set to null to apply to any auto-detected touchpad.
Type: null or string
Default: null
Example: "/dev/input/event0"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.fingersMapRemap several-fingers taps.
Type: list of signed integer
Default:
[ 1 2 3 ]
Example:
[ 1 3 2 ]
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.horizEdgeScrollWhether to enable horizontal edge drag-scrolling.
Type: boolean
Default: ! config.services.xserver.synaptics.horizTwoFingerScroll
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.horizTwoFingerScrollWhether to enable horizontal two-finger drag-scrolling.
Type: boolean
Default: config.services.xserver.synaptics.twoFingerScroll
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.horizontalScrollWhether to enable horizontal scrolling (on touchpad)
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.maxSpeedCursor speed factor for highest-speed finger motion.
Type: null or string
Default: "1.0"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.minSpeedCursor speed factor for precision finger motion.
Type: null or string
Default: "0.6"
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.palmDetectWhether to enable palm detection (hardware support required)
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.palmMinWidthMinimum finger width at which touch is considered a palm
Type: null or signed integer
Default: null
Example: 5
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.palmMinZMinimum finger pressure at which touch is considered a palm
Type: null or signed integer
Default: null
Example: 20
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.scrollDeltaMove distance of the finger for a scroll event.
Type: null or signed integer
Default: null
Example: 75
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.tapButtonsWhether to enable tap buttons.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.twoFingerScrollWhether to enable two-finger drag-scrolling. Overridden by horizTwoFingerScroll and vertTwoFingerScroll.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.vertEdgeScrollWhether to enable vertical edge drag-scrolling.
Type: boolean
Default: ! config.services.xserver.synaptics.vertTwoFingerScroll
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.synaptics.vertTwoFingerScrollWhether to enable vertical two-finger drag-scrolling.
Type: boolean
Default: config.services.xserver.synaptics.twoFingerScroll
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/synaptics.nix>
|
services.xserver.terminateOnResetWhether to terminate X upon server reset.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.ttyVirtual console for the X server.
Type: null or signed integer
Default: 7
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.updateDbusEnvironmentWhether to update the DBus activation environment after launching the desktop manager.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.verboseControls verbosity of X logging.
Type: null or signed integer
Default: 3
Example: 7
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.videoDriverThe name of the video driver for your graphics card. This
option is obsolete; please set the
services.xserver.videoDrivers instead.
Type: null or string
Default: null
Example: "i810"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.videoDriversThe names of the video drivers the configuration supports. They will be tried in order until one that supports your card is found. Don't combine those with "incompatible" OpenGL implementations, e.g. free ones (mesa-based) with proprietary ones.
For unfree "nvidia*", the supported GPU lists are on https://www.nvidia.com/object/unix.html
Type: list of string
Default:
[ "amdgpu" "radeon" "nouveau" "modesetting" "fbdev" ]
Example:
[ "nvidia" "nvidiaLegacy390" "nvidiaLegacy340" "nvidiaLegacy304" "amdgpu-pro" ]
Related packages:
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.virtualScreenVirtual screen size for Xrandr.
Type: null or (attribute set)
Default: null
Example:
{
x = 2048;
y = 2048;
}Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.wacom.enableWhether to enable the Wacom touchscreen/digitizer/tablet. If you ever have any issues such as, try switching to terminal (ctrl-alt-F1) and back which will make Xorg reconfigure the device ?
If you're not satisfied by the default behaviour you can override
environment.etc."X11/xorg.conf.d/70-wacom.conf" in
configuration.nix easily.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/hardware/wacom.nix>
|
services.xserver.windowManager."2bwm".enableWhether to enable 2bwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/2bwm.nix>
|
services.xserver.windowManager.afterstep.enableWhether to enable afterstep.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/afterstep.nix>
|
services.xserver.windowManager.awesome.enableWhether to enable Awesome window manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix>
|
services.xserver.windowManager.awesome.packagePackage to use for running the Awesome WM.
Type: null or package
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix>
|
services.xserver.windowManager.awesome.luaModulesList of lua packages available for being used in the Awesome configuration.
Type: list of package
Default: [ ]
Example: [ pkgs.luaPackages.vicious ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix>
|
services.xserver.windowManager.awesome.noArgbDisable client transparency support, which can be greatly detrimental to performance in some setups
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/awesome.nix>
|
services.xserver.windowManager.berry.enableWhether to enable berry.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/berry.nix>
|
services.xserver.windowManager.bspwm.enableWhether to enable bspwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix>
|
services.xserver.windowManager.bspwm.packagebspwm package to use.
Type: package
Default: pkgs.bspwm
Example: pkgs.bspwm-unstable
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix>
|
services.xserver.windowManager.bspwm.configFilePath to the bspwm configuration file. If null, $HOME/.config/bspwm/bspwmrc will be used.
Type: null or path
Default: null
Example: "${pkgs.bspwm}/share/doc/bspwm/examples/bspwmrc"
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix>
|
services.xserver.windowManager.bspwm.sxhkd.packagesxhkd package to use.
Type: package
Default: pkgs.sxhkd
Example: pkgs.sxhkd-unstable
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix>
|
services.xserver.windowManager.bspwm.sxhkd.configFilePath to the sxhkd configuration file. If null, $HOME/.config/sxhkd/sxhkdrc will be used.
Type: null or path
Default: null
Example: "${pkgs.bspwm}/share/doc/bspwm/examples/sxhkdrc"
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/bspwm.nix>
|
services.xserver.windowManager.clfswm.enableWhether to enable clfswm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/clfswm.nix>
|
services.xserver.windowManager.clfswm.packageclfswm package to use.
Type: package
Default: pkgs.lispPackages.clfswm
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/clfswm.nix>
|
services.xserver.windowManager.cwm.enableWhether to enable cwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/cwm.nix>
|
services.xserver.windowManager.defaultDeprecated, please use services.xserver.displayManager.defaultSession instead.
Default window manager loaded if none have been chosen.
Type: null or string
Default: null
Example: "wmii"
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/default.nix>
|
services.xserver.windowManager.dwm.enableWhether to enable dwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/dwm.nix>
|
services.xserver.windowManager.dwm.packagedwm package to use.
Type: package
Default: pkgs.dwm
Example:
pkgs.dwm.overrideAttrs (oldAttrs: rec {
patches = [
(super.fetchpatch {
url = "https://dwm.suckless.org/patches/steam/dwm-steam-6.2.diff";
sha256 = "1ld1z3fh6p5f8gr62zknx3axsinraayzxw3rz1qwg73mx2zk5y1f";
})
];
})
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/dwm.nix>
|
services.xserver.windowManager.e16.enableWhether to enable e16.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/e16.nix>
|
services.xserver.windowManager.evilwm.enableWhether to enable evilwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/evilwm.nix>
|
services.xserver.windowManager.exwm.enableWhether to enable exwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix>
|
services.xserver.windowManager.exwm.enableDefaultConfigEnable an uncustomised exwm configuration.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix>
|
services.xserver.windowManager.exwm.extraPackagesExtra packages available to Emacs. The value must be a
function which receives the attrset defined in
emacs.pkgs as the sole argument.
Type: function that evaluates to a(n) list of package
Default: epkgs: []
Example:
epkgs: [ epkgs.emms epkgs.magit epkgs.proofgeneral ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix>
|
services.xserver.windowManager.exwm.loadScriptEmacs lisp code to be run after loading the user's init file. If enableDefaultConfig is true, this will be run before loading the default config.
Type: strings concatenated with "\n"
Default: "(require 'exwm)"
Example:
'' (require 'exwm) (exwm-enable) ''
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/exwm.nix>
|
services.xserver.windowManager.fluxbox.enableWhether to enable fluxbox.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/fluxbox.nix>
|
services.xserver.windowManager.fvwm2.enableWhether to enable Fvwm2 window manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/fvwm2.nix>
|
services.xserver.windowManager.fvwm2.gesturesWhether or not to enable libstroke for gesture support
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/fvwm2.nix>
|
services.xserver.windowManager.fvwm3.enableWhether to enable Fvwm3 window manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/fvwm3.nix>
|
services.xserver.windowManager.hackedbox.enableWhether to enable hackedbox.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/hackedbox.nix>
|
services.xserver.windowManager.herbstluftwm.enableWhether to enable herbstluftwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix>
|
services.xserver.windowManager.herbstluftwm.packageHerbstluftwm package to use.
Type: package
Default: pkgs.herbstluftwm
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix>
|
services.xserver.windowManager.herbstluftwm.configFilePath to the herbstluftwm configuration file. If left at the default value, $XDG_CONFIG_HOME/herbstluftwm/autostart will be used.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/herbstluftwm.nix>
|
services.xserver.windowManager.hypr.enableWhether to enable hypr.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/hypr.nix>
|
services.xserver.windowManager.i3.enableWhether to enable i3 window manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
|
services.xserver.windowManager.i3.packagei3 package to use.
Type: package
Default: pkgs.i3
Example: pkgs.i3-gaps
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
|
services.xserver.windowManager.i3.configFilePath to the i3 configuration file. If left at the default value, $HOME/.i3/config will be used.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
|
services.xserver.windowManager.i3.extraPackagesExtra packages to be installed system wide.
Type: list of package
Default:
with pkgs; [ dmenu i3status i3lock ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
|
services.xserver.windowManager.i3.extraSessionCommandsShell commands executed just before i3 is started.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/i3.nix>
|
services.xserver.windowManager.icewm.enableWhether to enable icewm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/icewm.nix>
|
services.xserver.windowManager.jwm.enableWhether to enable jwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/jwm.nix>
|
services.xserver.windowManager.katriawm.enableWhether to enable katriawm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/katriawm.nix>
|
services.xserver.windowManager.katriawm.packageThe katriawm package to use.
Type: package
Default: pkgs.katriawm
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/katriawm.nix>
|
services.xserver.windowManager.leftwm.enableWhether to enable leftwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/leftwm.nix>
|
services.xserver.windowManager.lwm.enableWhether to enable lwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/lwm.nix>
|
services.xserver.windowManager.metacity.enableWhether to enable metacity.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/metacity.nix>
|
services.xserver.windowManager.mlvwm.enableWhether to enable Macintosh-like Virtual Window Manager.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/mlvwm.nix>
|
services.xserver.windowManager.mlvwm.configFilePath to the mlvwm configuration file. If left at the default value, $HOME/.mlvwmrc will be used.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/mlvwm.nix>
|
services.xserver.windowManager.mwm.enableWhether to enable mwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/mwm.nix>
|
services.xserver.windowManager.notion.enableWhether to enable notion.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/notion.nix>
|
services.xserver.windowManager.openbox.enableWhether to enable openbox.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/openbox.nix>
|
services.xserver.windowManager.pekwm.enableWhether to enable pekwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/pekwm.nix>
|
services.xserver.windowManager.qtile.enableWhether to enable qtile.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/qtile.nix>
|
services.xserver.windowManager.qtile.packageThe qtile package to use.
Type: package
Default: pkgs.qtile
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/qtile.nix>
|
services.xserver.windowManager.ratpoison.enableWhether to enable ratpoison.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/ratpoison.nix>
|
services.xserver.windowManager.sawfish.enableWhether to enable sawfish.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/sawfish.nix>
|
services.xserver.windowManager.smallwm.enableWhether to enable smallwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/smallwm.nix>
|
services.xserver.windowManager.spectrwm.enableWhether to enable spectrwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/spectrwm.nix>
|
services.xserver.windowManager.stumpwm.enableWhether to enable stumpwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/stumpwm.nix>
|
services.xserver.windowManager.tinywm.enableWhether to enable tinywm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/tinywm.nix>
|
services.xserver.windowManager.twm.enableWhether to enable twm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/twm.nix>
|
services.xserver.windowManager.windowlab.enableWhether to enable windowlab.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/windowlab.nix>
|
services.xserver.windowManager.windowmaker.enableWhether to enable windowmaker.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/windowmaker.nix>
|
services.xserver.windowManager.wmderland.enableWhether to enable wmderland.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/wmderland.nix>
|
services.xserver.windowManager.wmderland.extraPackagesExtra packages to be installed system wide.
Type: list of package
Default:
with pkgs; [ rofi dunst light hsetroot feh rxvt-unicode ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/wmderland.nix>
|
services.xserver.windowManager.wmderland.extraSessionCommandsShell commands executed just before wmderland is started.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/wmderland.nix>
|
services.xserver.windowManager.wmii.enableWhether to enable wmii.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/wmii.nix>
|
services.xserver.windowManager.xmonad.enableWhether to enable xmonad.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
|
services.xserver.windowManager.xmonad.enableConfiguredRecompileEnable recompilation even if config is set to a
non-null value. This adds the necessary Haskell dependencies (GHC with
packages) to the xmonad binary's environment.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
|
services.xserver.windowManager.xmonad.enableContribAndExtrasEnable xmonad-{contrib,extras} in Xmonad.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
|
services.xserver.windowManager.xmonad.configConfiguration from which XMonad gets compiled. If no value is specified, a vanilla xmonad binary is put in PATH, which will attempt to recompile and exec your xmonad config from $HOME/.xmonad. This setup is then analogous to other (non-NixOS) linux distributions.
If you do set this option, you likely want to use "launch" as your
entry point for xmonad (as in the example), to avoid xmonad's
recompilation logic on startup. Doing so will render the default
"mod+q" restart key binding dysfunctional though, because that attempts
to call your binary with the "--restart" command line option, unless
you implement that yourself. You way mant to bind "mod+q" to
(restart "xmonad" True) instead, which will just restart
xmonad from PATH. This allows e.g. switching to the new xmonad binary
after rebuilding your system with nixos-rebuild.
For the same reason, ghc is not added to the environment when this
option is set, unless enableConfiguredRecompile is
set to true.
If you actually want to run xmonad with a config specified here, but
also be able to recompile and restart it from a copy of that source in
$HOME/.xmonad on the fly, set enableConfiguredRecompile
to true and implement something like "compileRestart"
from the example.
This should allow you to switch at will between the local xmonad and
the one NixOS puts in your PATH.
Type: null or path or string
Default: null
Example:
''
import XMonad
import XMonad.Util.EZConfig (additionalKeys)
import Control.Monad (when)
import Text.Printf (printf)
import System.Posix.Process (executeFile)
import System.Info (arch,os)
import System.Environment (getArgs)
import System.FilePath ((</>))
compiledConfig = printf "xmonad-%s-%s" arch os
myConfig = defaultConfig
{ modMask = mod4Mask -- Use Super instead of Alt
, terminal = "urxvt" }
`additionalKeys`
[ ( (mod4Mask,xK_r), compileRestart True)
, ( (mod4Mask,xK_q), restart "xmonad" True ) ]
compileRestart resume = do
dirs <- asks directories
whenX (recompile dirs True) $ do
when resume writeStateToFile
catchIO
( do
args <- getArgs
executeFile (cacheDir dirs </> compiledConfig) False args Nothing
)
main = getDirectories >>= launch myConfig
--------------------------------------------
{- For versions before 0.17.0 use this instead -}
--------------------------------------------
-- compileRestart resume =
-- whenX (recompile True) $
-- when resume writeStateToFile
-- *> catchIO
-- ( do
-- dir <- getXMonadDataDir
-- args <- getArgs
-- executeFile (dir </> compiledConfig) False args Nothing
-- )
--
-- main = launch myConfig
--------------------------------------------
''Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
|
services.xserver.windowManager.xmonad.extraPackagesExtra packages available to ghc when rebuilding Xmonad. The
value must be a function which receives the attrset defined
in haskellPackages as the sole argument.
Type: function that evaluates to a(n) list of package
Default: self: []
Example:
haskellPackages: [ haskellPackages.xmonad-contrib haskellPackages.monad-logger ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
|
services.xserver.windowManager.xmonad.ghcArgsCommand line arguments passed to the compiler (ghc) invocation when xmonad.config is set.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
|
services.xserver.windowManager.xmonad.haskellPackageshaskellPackages used to build Xmonad and other packages.
This can be used to change the GHC version used to build
Xmonad and the packages listed in
extraPackages.
Type: attribute set
Default: pkgs.haskellPackages
Example: pkgs.haskell.packages.ghc810
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
|
services.xserver.windowManager.xmonad.xmonadCliArgsCommand line arguments passed to the xmonad binary.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/xmonad.nix>
|
services.xserver.windowManager.yeahwm.enableWhether to enable yeahwm.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/window-managers/yeahwm.nix>
|
services.xserver.xautolock.enableWhether to enable xautolock.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.enableNotifierWhether to enable the notifier feature of xautolock. This publishes a notification before the autolock.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.extraOptionsAdditional command-line arguments to pass to xautolock.
Type: list of string
Default: [ ]
Example:
[ "-detectsleep" ]
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.killerThe script to use when nothing has happened for as long as killtime
Type: null or string
Default: null
Example: "/run/current-system/systemd/bin/systemctl suspend"
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.killtimeMinutes xautolock waits until it executes the script specified in killer
(Has to be at least 10 minutes)
Type: signed integer
Default: 20
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.lockerThe script to use when automatically locking the computer.
Type: string
Default: "${pkgs.xlockmore}/bin/xlock"
Example: "${pkgs.i3lock}/bin/i3lock -i /path/to/img"
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.notifierNotification script to be used to warn about the pending autolock.
Type: null or string
Default: null
Example: "${pkgs.libnotify}/bin/notify-send 'Locking in 10 seconds'"
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.notifyTime (in seconds) before the actual lock when the notification about the pending lock should be published.
Type: signed integer
Default: 10
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.nowlockerThe script to use when manually locking the computer with xautolock -locknow.
Type: null or string
Default: null
Example: "${pkgs.i3lock}/bin/i3lock -i /path/to/img"
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xautolock.timeIdle time (in minutes) to wait until xautolock locks the computer.
Type: signed integer
Default: 15
Declared by:
<nixpkgs/nixos/modules/services/x11/xautolock.nix>
|
services.xserver.xkbDirPath used for -xkbdir xserver parameter.
Type: path
Default: "${pkgs.xkeyboard_config}/etc/X11/xkb"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.xkbModelKeyboard model.
Type: string
Default: "pc104"
Example: "presario"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.xkbOptionsX keyboard options; layout switching goes here.
Type: strings concatenated with ","
Default: "terminate:ctrl_alt_bksp"
Example: "grp:caps_toggle,grp_led:scroll"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.xkbVariantX keyboard variant.
Type: string
Default: ""
Example: "colemak"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.xrandrHeadsMultiple monitor configuration, just specify a list of XRandR outputs. The individual elements should be either simple strings or an attribute set of output options.
If the element is a string, it is denoting the physical output for a
monitor, if it's an attribute set, you must at least provide the
output option.
The monitors will be mapped from left to right in the order of the list.
By default, the first monitor will be set as the primary monitor if
none of the elements contain an option that has set
primary to true.
Only one monitor is allowed to be primary.
Be careful using this option with multiple graphic adapters or with drivers that have poor support for XRandR, unexpected things might happen with those.
Type: list of ((submodule) or string convertible to it)
Default: [ ]
Example:
[
"HDMI-0"
{
output = "DVI-0";
primary = true;
}
{
monitorConfig = "Option \"Rotate\" \"left\"";
output = "DVI-1";
}
]Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.xrandrHeads.*.monitorConfigExtra lines to append to the Monitor section
verbatim. Available options are documented in the MONITOR section in
xorg.conf(5).
Type: strings concatenated with "\n"
Default: ""
Example:
'' DisplaySize 408 306 Option "DPMS" "false" ''
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.xrandrHeads.*.outputThe output name of the monitor, as shown by xrandr(1) invoked without arguments.
Type: string
Example: "DVI-0"
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xserver.xrandrHeads.*.primaryWhether this head is treated as the primary monitor,
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/x11/xserver.nix>
|
services.xtreemfs.enableWhether to enable XtreemFS.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.enableWhether to enable XtreemFS DIR service.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.addressIf specified, it defines the interface to listen on. If not specified, the service will listen on all interfaces (any).
Type: string
Default: ""
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.extraConfigConfiguration of XtreemFS DIR service. WARNING: configuration is saved as plaintext inside nix store. For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
Type: strings concatenated with "\n"
Default: ""
Example:
'' # specify whether SSL is required ssl.enabled = true ssl.service_creds.pw = passphrase ssl.service_creds.container = pkcs12 ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/dir.p12 ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks ssl.trusted_certs.pw = jks_passphrase ssl.trusted_certs.container = jks ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.httpPortSpecifies the listen port for the HTTP service that returns the status page.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 30638
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.portThe port to listen on for incoming connections (TCP).
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 32638
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.replication.enableWhether to enable XtreemFS DIR replication plugin.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.replication.extraConfigConfiguration of XtreemFS DIR replication plugin. WARNING: configuration is saved as plaintext inside nix store. For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
Type: strings concatenated with "\n"
Example:
'' # participants of the replication including this replica babudb.repl.participant.0 = 192.168.0.10 babudb.repl.participant.0.port = 35676 babudb.repl.participant.1 = 192.168.0.11 babudb.repl.participant.1.port = 35676 babudb.repl.participant.2 = 192.168.0.12 babudb.repl.participant.2.port = 35676 # number of servers that at least have to be up to date # To have a fault-tolerant system, this value has to be set to the # majority of nodes i.e., if you have three replicas, set this to 2 # Please note that a setup with two nodes provides no fault-tolerance. babudb.repl.sync.n = 2 # specify whether SSL is required babudb.ssl.enabled = true babudb.ssl.protocol = tlsv12 # server credentials for SSL handshakes babudb.ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12 babudb.ssl.service_creds.pw = passphrase babudb.ssl.service_creds.container = pkcs12 # trusted certificates for SSL handshakes babudb.ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks babudb.ssl.trusted_certs.pw = jks_passphrase babudb.ssl.trusted_certs.container = jks babudb.ssl.authenticationWithoutEncryption = false ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.syncModeThe sync mode influences how operations are committed to the disk log before the operation is acknowledged to the caller.
-ASYNC mode the writes to the disk log are buffered in memory by the operating system. This is the fastest mode but will lead to data loss in case of a crash, kernel panic or power failure. -SYNC_WRITE_METADATA opens the file with O_SYNC, the system will not buffer any writes. The operation will be acknowledged when data has been safely written to disk. This mode is slow but offers maximum data safety. However, BabuDB cannot influence the disk drive caches, this depends on the OS and hard disk model. -SYNC_WRITE similar to SYNC_WRITE_METADATA but opens file with O_DSYNC which means that only the data is commit to disk. This can lead to some data loss depending on the implementation of the underlying file system. Linux does not implement this mode. -FDATASYNC is similar to SYNC_WRITE but opens the file in asynchronous mode and calls fdatasync() after writing the data to disk. -FSYNC is similar to SYNC_WRITE_METADATA but opens the file in asynchronous mode and calls fsync() after writing the data to disk.
For best throughput use ASYNC, for maximum data safety use FSYNC.
(If xtreemfs.dir.replication.enable is true then FDATASYNC is forced)
Type: one of "ASYNC", "SYNC_WRITE_METADATA", "SYNC_WRITE", "FDATASYNC", "FSYNC"
Default: "FSYNC"
Example: "FDATASYNC"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.dir.uuidMust be set to a unique identifier, preferably a UUID according to
RFC 4122. UUIDs can be generated with uuidgen command, found in
the util-linux package.
Type: string
Example: "eacb6bab-f444-4ebf-a06a-3f72d7465e40"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.homeDirXtreemFS home dir for the xtreemfs user.
Type: path
Default: "/var/lib/xtreemfs"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.enableWhether to enable XtreemFS MRC service.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.addressIf specified, it defines the interface to listen on. If not specified, the service will listen on all interfaces (any).
Type: string
Default: ""
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.extraConfigConfiguration of XtreemFS MRC service. WARNING: configuration is saved as plaintext inside nix store. For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
Type: strings concatenated with "\n"
Example:
'' osd_check_interval = 300 no_atime = true local_clock_renewal = 0 remote_time_sync = 30000 authentication_provider = org.xtreemfs.common.auth.NullAuthProvider # shared secret between the MRC and all OSDs capability_secret = iNG8UuQJrJ6XVDTe dir_service.host = 192.168.0.10 dir_service.port = 32638 # if replication is enabled dir_service.1.host = 192.168.0.11 dir_service.1.port = 32638 dir_service.2.host = 192.168.0.12 dir_service.2.port = 32638 # specify whether SSL is required ssl.enabled = true ssl.protocol = tlsv12 ssl.service_creds.pw = passphrase ssl.service_creds.container = pkcs12 ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/mrc.p12 ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks ssl.trusted_certs.pw = jks_passphrase ssl.trusted_certs.container = jks ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.httpPortSpecifies the listen port for the HTTP service that returns the status page.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 30636
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.portThe port to listen on for incoming connections (TCP).
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 32636
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.replication.enableWhether to enable XtreemFS MRC replication plugin.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.replication.extraConfigConfiguration of XtreemFS MRC replication plugin. WARNING: configuration is saved as plaintext inside nix store. For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
Type: strings concatenated with "\n"
Example:
'' # participants of the replication including this replica babudb.repl.participant.0 = 192.168.0.10 babudb.repl.participant.0.port = 35678 babudb.repl.participant.1 = 192.168.0.11 babudb.repl.participant.1.port = 35678 babudb.repl.participant.2 = 192.168.0.12 babudb.repl.participant.2.port = 35678 # number of servers that at least have to be up to date # To have a fault-tolerant system, this value has to be set to the # majority of nodes i.e., if you have three replicas, set this to 2 # Please note that a setup with two nodes provides no fault-tolerance. babudb.repl.sync.n = 2 # specify whether SSL is required babudb.ssl.enabled = true babudb.ssl.protocol = tlsv12 # server credentials for SSL handshakes babudb.ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12 babudb.ssl.service_creds.pw = passphrase babudb.ssl.service_creds.container = pkcs12 # trusted certificates for SSL handshakes babudb.ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks babudb.ssl.trusted_certs.pw = jks_passphrase babudb.ssl.trusted_certs.container = jks babudb.ssl.authenticationWithoutEncryption = false ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.syncModeThe sync mode influences how operations are committed to the disk log before the operation is acknowledged to the caller.
-ASYNC mode the writes to the disk log are buffered in memory by the operating system. This is the fastest mode but will lead to data loss in case of a crash, kernel panic or power failure. -SYNC_WRITE_METADATA opens the file with O_SYNC, the system will not buffer any writes. The operation will be acknowledged when data has been safely written to disk. This mode is slow but offers maximum data safety. However, BabuDB cannot influence the disk drive caches, this depends on the OS and hard disk model. -SYNC_WRITE similar to SYNC_WRITE_METADATA but opens file with O_DSYNC which means that only the data is commit to disk. This can lead to some data loss depending on the implementation of the underlying file system. Linux does not implement this mode. -FDATASYNC is similar to SYNC_WRITE but opens the file in asynchronous mode and calls fdatasync() after writing the data to disk. -FSYNC is similar to SYNC_WRITE_METADATA but opens the file in asynchronous mode and calls fsync() after writing the data to disk.
For best throughput use ASYNC, for maximum data safety use FSYNC.
(If xtreemfs.mrc.replication.enable is true then FDATASYNC is forced)
Type: one of "ASYNC", "SYNC_WRITE_METADATA", "SYNC_WRITE", "FDATASYNC", "FSYNC"
Default: "FSYNC"
Example: "FDATASYNC"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.mrc.uuidMust be set to a unique identifier, preferably a UUID according to
RFC 4122. UUIDs can be generated with uuidgen command, found in
the util-linux package.
Type: string
Example: "eacb6bab-f444-4ebf-a06a-3f72d7465e41"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.osd.enableWhether to enable XtreemFS OSD service.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.osd.addressIf specified, it defines the interface to listen on. If not specified, the service will listen on all interfaces (any).
Type: string
Default: ""
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.osd.extraConfigConfiguration of XtreemFS OSD service. WARNING: configuration is saved as plaintext inside nix store. For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
Type: strings concatenated with "\n"
Example:
'' local_clock_renewal = 0 remote_time_sync = 30000 report_free_space = true capability_secret = iNG8UuQJrJ6XVDTe dir_service.host = 192.168.0.10 dir_service.port = 32638 # if replication is used dir_service.1.host = 192.168.0.11 dir_service.1.port = 32638 dir_service.2.host = 192.168.0.12 dir_service.2.port = 32638 # specify whether SSL is required ssl.enabled = true ssl.service_creds.pw = passphrase ssl.service_creds.container = pkcs12 ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12 ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks ssl.trusted_certs.pw = jks_passphrase ssl.trusted_certs.container = jks ''
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.osd.httpPortSpecifies the listen port for the HTTP service that returns the status page.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 30640
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.osd.portThe port to listen on for incoming connections (TCP and UDP).
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 32640
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.xtreemfs.osd.uuidMust be set to a unique identifier, preferably a UUID according to
RFC 4122. UUIDs can be generated with uuidgen command, found in
the util-linux package.
Type: string
Example: "eacb6bab-f444-4ebf-a06a-3f72d7465e42"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/xtreemfs.nix>
|
services.yandex-disk.enableWhether to enable Yandex-disk client. See https://disk.yandex.ru/
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
|
services.yandex-disk.directoryThe directory to use for Yandex.Disk storage
Type: path
Default: "/home/Yandex.Disk"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
|
services.yandex-disk.excludesComma-separated list of directories which are excluded from synchronization.
Type: strings concatenated with ","
Default: ""
Example: "data,backup"
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
|
services.yandex-disk.passwordYour yandex.com password. Warning: it will be world-readable in /nix/store.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
|
services.yandex-disk.userThe user the yandex-disk daemon should run as.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
|
services.yandex-disk.usernameYour yandex.com login name.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/network-filesystems/yandex-disk.nix>
|
services.yggdrasil.enableWhether to enable the yggdrasil system service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/yggdrasil.nix>
|
services.yggdrasil.packageYggdrasil package to use.
Type: package
Default: pkgs.yggdrasil
Declared by:
<nixpkgs/nixos/modules/services/networking/yggdrasil.nix>
|
services.yggdrasil.configFileA file which contains JSON configuration for yggdrasil.
See the settings option for more information.
Type: null or path
Default: null
Example: "/run/keys/yggdrasil.conf"
Declared by:
<nixpkgs/nixos/modules/services/networking/yggdrasil.nix>
|
services.yggdrasil.denyDhcpcdInterfacesDisable the DHCP client for any interface whose name matches any of the shell glob patterns in this list. Use this option to prevent the DHCP client from broadcasting requests on the yggdrasil network. It is only necessary to do so when yggdrasil is running in TAP mode, because TUN interfaces do not support broadcasting.
Type: list of string
Default: [ ]
Example:
[ "tap*" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/yggdrasil.nix>
|
services.yggdrasil.groupGroup to grant access to the Yggdrasil control socket. If null, only root can access the socket.
Type: null or string
Default: null
Example: "wheel"
Declared by:
<nixpkgs/nixos/modules/services/networking/yggdrasil.nix>
|
services.yggdrasil.openMulticastPortWhether to open the UDP port used for multicast peer
discovery. The NixOS firewall blocks link-local
communication, so in order to make local peering work you
will also need to set LinkLocalTCPPort in your
yggdrasil configuration (settings or
configFile) to a port number other than 0,
and then add that port to
networking.firewall.allowedTCPPorts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/yggdrasil.nix>
|
services.yggdrasil.persistentKeysWhether to enable If enabled then keys will be generated once and Yggdrasil will retain the same IPv6 address when the service is restarted. Keys are stored at /var/lib/yggdrasil/keys.json. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/yggdrasil.nix>
|
services.yggdrasil.settingsConfiguration for yggdrasil, as a Nix attribute set.
Warning: this is stored in the WORLD-READABLE Nix store!
Therefore, it is not appropriate for private keys. If you
wish to specify the keys, use configFile.
If the persistentKeys is enabled then the
keys that are generated during activation will override
those in settings or
configFile.
If no keys are specified then ephemeral keys are generated and the Yggdrasil interface will have a random IPv6 address each time the service is started, this is the default.
If both configFile and settings
are supplied, they will be combined, with values from
configFile taking precedence.
You can use the command nix-shell -p yggdrasil --run "yggdrasil -genconf"
to generate default configuration values with documentation.
Type: JSON value
Default: { }
Example:
{
Listen = [
"tcp://0.0.0.0:xxxxx"
];
Peers = [
"tcp://aa.bb.cc.dd:eeeee"
"tcp://[aaaa:bbbb:cccc:dddd::eeee]:fffff"
];
}Declared by:
<nixpkgs/nixos/modules/services/networking/yggdrasil.nix>
|
services.ympd.enableWhether to enable ympd, the MPD Web GUI.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/audio/ympd.nix>
|
services.ympd.mpd.hostThe host where MPD is listening.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/audio/ympd.nix>
|
services.ympd.mpd.portThe port where MPD is listening.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: config.services.mpd.network.port
Example: 6600
Declared by:
<nixpkgs/nixos/modules/services/audio/ympd.nix>
|
services.ympd.webPortThe port where ympd's web interface will be available.
Type: string or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: "8080"
Example: "ssl://8080:/path/to/ssl-private-key.pem"
Declared by:
<nixpkgs/nixos/modules/services/audio/ympd.nix>
|
services.youtrack.enableWhether to enable YouTrack service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.packagePackage to use.
Type: package
Default: pkgs.youtrack
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.addressThe interface youtrack will listen on.
Type: string
Default: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.baseUrlBase URL for youtrack. Will be auto-detected and stored in database.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.extraParamsExtra parameters to pass to youtrack. See https://www.jetbrains.com/help/youtrack/standalone/YouTrack-Java-Start-Parameters.html for more information.
Type: attribute set of string
Default: { }
Example:
{
"jetbrains.youtrack.overrideRootPassword" = "tortuga";
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.jvmOptsExtra options to pass to the JVM. See https://www.jetbrains.com/help/youtrack/standalone/Configure-JVM-Options.html for more information.
Type: strings concatenated with " "
Default: ""
Example: "-XX:MetaspaceSize=250m"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.maxMemoryMaximum Java heap size
Type: string
Default: "1g"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.maxMetaspaceSizeMaximum java Metaspace memory.
Type: string
Default: "350m"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.portThe port youtrack will listen on.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8080
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.statePathWhere to keep the youtrack database.
Type: path
Default: "/var/lib/youtrack"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.youtrack.virtualHostName of the nginx virtual host to use and setup. If null, do not setup anything.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/youtrack.nix>
|
services.yubikey-agent.enableWhether to start yubikey-agent when you log in. Also sets SSH_AUTH_SOCK to point at yubikey-agent.
Note that yubikey-agent will use whatever pinentry is specified in programs.gnupg.agent.pinentryFlavor.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/security/yubikey-agent.nix>
|
services.yubikey-agent.packageThe package used for the yubikey-agent daemon.
Type: package
Default: pkgs.yubikey-agent
Declared by:
<nixpkgs/nixos/modules/services/security/yubikey-agent.nix>
|
services.zabbixAgent.enableWhether to enable the Zabbix Agent.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
|
services.zabbixAgent.packageThe Zabbix package to use.
Type: package
Default: pkgs.zabbix.agent
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
|
services.zabbixAgent.extraPackagesPackages to be added to the Zabbix PATH.
Typically used to add executables for scripts, but can be anything.
Type: list of package
Default: with pkgs; [ nettools ]
Example: with pkgs; [ nettools mysql ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
|
services.zabbixAgent.listen.ipList of comma delimited IP addresses that the agent should listen on.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
|
services.zabbixAgent.listen.portAgent will listen on this port for connections from the server.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 10050
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
|
services.zabbixAgent.modulesA set of modules to load.
Type: attribute set of package
Default: { }
Example:
{
"dummy.so" = pkgs.stdenv.mkDerivation {
name = "zabbix-dummy-module-${cfg.package.version}";
src = cfg.package.src;
buildInputs = [ cfg.package ];
sourceRoot = "zabbix-${cfg.package.version}/src/modules/dummy";
installPhase = ''
mkdir -p $out/lib
cp dummy.so $out/lib/
'';
};
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
|
services.zabbixAgent.openFirewallOpen ports in the firewall for the Zabbix Agent.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
|
services.zabbixAgent.serverThe IP address or hostname of the Zabbix server to connect to.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
|
services.zabbixAgent.settingsZabbix Agent configuration. Refer to https://www.zabbix.com/documentation/current/manual/appendix/config/zabbix_agentd for details on supported values.
Type: attribute set of (signed integer or string or list of string)
Default: { }
Example:
{
DebugLevel = 4;
Hostname = "example.org";
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-agent.nix>
|
services.zabbixProxy.enableWhether to enable the Zabbix Proxy.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
|
services.zabbixProxy.packageThe Zabbix package to use.
Type: package
Default: pkgs.zabbix.proxy-pgsql
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
|
services.zabbixProxy.database.createLocallyWhether to create a local database automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
|
services.zabbixProxy.database.hostDatabase host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
|
services.zabbixProxy.database.nameDatabase name.
Type: string
Default: zabbix
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
|
services.zabbixProxy.database.passwordFileA file containing the password corresponding to
database.user.
Type: null or path
Default: null
Example: "/run/keys/zabbix-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
|
services.zabbixProxy.database.portDatabase host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
if config.services.zabbixProxy.database.type == "mysql" then config.services.mysql.port else config.services.postgresql.port
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
|
services.zabbixProxy.database.socketPath to the unix socket file to use for authentication.
Type: null or path
Default: null
Example: "/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
|
services.zabbixProxy.database.typeDatabase engine to use.
Type: one of "mysql", "pgsql", "sqlite"
Default: "pgsql"
Example: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
|
services.zabbixProxy.database.userDatabase user.
Type: string
Default: "zabbix"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
|
services.zabbixProxy.extraPackagesPackages to be added to the Zabbix PATH.
Typically used to add executables for scripts, but can be anything.
Type: list of package
Default: [ nettools nmap traceroute ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
|
services.zabbixProxy.listen.ipList of comma delimited IP addresses that the trapper should listen on. Trapper will listen on all network interfaces if this parameter is missing.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
|
services.zabbixProxy.listen.portListen port for trapper.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 10051
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
|
services.zabbixProxy.modulesA set of modules to load.
Type: attribute set of package
Default: { }
Example:
{
"dummy.so" = pkgs.stdenv.mkDerivation {
name = "zabbix-dummy-module-${cfg.package.version}";
src = cfg.package.src;
buildInputs = [ cfg.package ];
sourceRoot = "zabbix-${cfg.package.version}/src/modules/dummy";
installPhase = ''
mkdir -p $out/lib
cp dummy.so $out/lib/
'';
};
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
|
services.zabbixProxy.openFirewallOpen ports in the firewall for the Zabbix Proxy.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
|
services.zabbixProxy.serverThe IP address or hostname of the Zabbix server to connect to.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
|
services.zabbixProxy.settingsZabbix Proxy configuration. Refer to https://www.zabbix.com/documentation/current/manual/appendix/config/zabbix_proxy for details on supported values.
Type: attribute set of (signed integer or string or list of string)
Default: { }
Example:
{
CacheSize = "1G";
SSHKeyLocation = "/var/lib/zabbix/.ssh";
StartPingers = 32;
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-proxy.nix>
|
services.zabbixServer.enableWhether to enable the Zabbix Server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.packageThe Zabbix package to use.
Type: package
Default: pkgs.zabbix.server-pgsql
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.database.createLocallyWhether to create a local database automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.database.hostDatabase host address.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.database.nameDatabase name.
Type: string
Default: "zabbix"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.database.passwordFileA file containing the password corresponding to
database.user.
Type: null or path
Default: null
Example: "/run/keys/zabbix-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.database.portDatabase host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
if config.services.zabbixServer.database.type == "mysql" then config.services.mysql.port else config.services.postgresql.port
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.database.socketPath to the unix socket file to use for authentication.
Type: null or path
Default: null
Example: "/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.database.typeDatabase engine to use.
Type: one of "mysql", "pgsql"
Default: "pgsql"
Example: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.database.userDatabase user.
Type: string
Default: "zabbix"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.extraPackagesPackages to be added to the Zabbix PATH.
Typically used to add executables for scripts, but can be anything.
Type: list of package
Default: [ nettools nmap traceroute ]
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.listen.ipList of comma delimited IP addresses that the trapper should listen on. Trapper will listen on all network interfaces if this parameter is missing.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.listen.portListen port for trapper.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 10051
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.modulesA set of modules to load.
Type: attribute set of package
Default: { }
Example:
{
"dummy.so" = pkgs.stdenv.mkDerivation {
name = "zabbix-dummy-module-${cfg.package.version}";
src = cfg.package.src;
buildInputs = [ cfg.package ];
sourceRoot = "zabbix-${cfg.package.version}/src/modules/dummy";
installPhase = ''
mkdir -p $out/lib
cp dummy.so $out/lib/
'';
};
}
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.openFirewallOpen ports in the firewall for the Zabbix Server.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixServer.settingsZabbix Server configuration. Refer to https://www.zabbix.com/documentation/current/manual/appendix/config/zabbix_server for details on supported values.
Type: attribute set of (signed integer or string or list of string)
Default: { }
Example:
{
CacheSize = "1G";
SSHKeyLocation = "/var/lib/zabbix/.ssh";
StartPingers = 32;
}Declared by:
<nixpkgs/nixos/modules/services/monitoring/zabbix-server.nix>
|
services.zabbixWeb.enableWhether to enable the Zabbix web interface.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.packageWhich Zabbix package to use.
Type: package
Default: zabbix.web
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.database.hostDatabase host address.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.database.nameDatabase name.
Type: string
Default: "zabbix"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.database.passwordFileA file containing the password corresponding to
database.user.
Type: null or path
Default: null
Example: "/run/keys/zabbix-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.database.portDatabase host port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default:
if config.services.zabbixWeb.database.type == "mysql" then config.services.mysql.port else if config.services.zabbixWeb.database.type == "pgsql" then config.services.postgresql.port else 1521
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.database.socketPath to the unix socket file to use for authentication.
Type: null or path
Default: null
Example: "/run/postgresql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.database.typeDatabase engine to use.
Type: one of "mysql", "pgsql", "oracle"
Default: "pgsql"
Example: "mysql"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.database.userDatabase user.
Type: string
Default: "zabbix"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.extraConfigAdditional configuration to be copied verbatim into zabbix.conf.php.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.poolConfigOptions for the Zabbix PHP pool. See the documentation on php-fpm.conf for details on configuration directives.
Type: attribute set of (string or signed integer or boolean)
Default:
{
pm = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.max_spare_servers" = 4;
"pm.min_spare_servers" = 2;
"pm.start_servers" = 2;
}Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.server.addressThe IP address or hostname of the Zabbix server to connect to.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.server.portThe port of the Zabbix server to connect to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 10051
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHostApache configuration can be done by adapting services.httpd.virtualHosts.<name>.
See services.httpd.virtualHosts for further information.
Type: submodule
Example:
{
hostName = "zabbix.example.org";
adminAddr = "webmaster@example.org";
forceSSL = true;
enableACME = true;
}
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.enableACMEWhether to ask Let's Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.enableUserDirWhether to enable serving ~/public_html as
/~«username».
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.acmeRootDirectory for the acme challenge which is PUBLIC, don't put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default: "/var/lib/acme/acme-challenge"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.addSSLWhether to enable HTTPS in addition to plain HTTP. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.adminAddrE-mail address of the server administrator.
Type: null or string
Default: null
Example: "admin@example.org"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.documentRootThe path of Apache's document root directory. If left undefined, an empty directory in the Nix store will be used as root.
Type: null or path
Default: null
Example: "/data/webserver/docs"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.extraConfigThese lines go to httpd.conf verbatim. They will go after directories and directory aliases defined by default.
Type: strings concatenated with "\n"
Default: ""
Example:
''
<Directory /home>
Options FollowSymlinks
AllowOverride All
</Directory>
''Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.forceSSLWhether to add a separate nginx server block that permanently redirects (301)
all plain HTTP traffic to HTTPS. This will set defaults for
listen to listen on all interfaces on the respective default
ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.globalRedirectIf set, all requests for this host are redirected permanently to the given URL.
Type: null or string
Default: null
Example: "http://newserver.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.hostNameCanonical hostname for the server.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.http2Whether to enable HTTP 2. HTTP/2 is supported in all multi-processing modules that come with httpd. However, if you use the prefork mpm, there will be severe restrictions. Refer to https://httpd.apache.org/docs/2.4/howto/http2.html#mpm-config for details.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.listenListen addresses and ports for this virtual host.
This option overrides addSSL, forceSSL and onlySSL.
If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of (submodule)
Default: [ ]
Example:
[
{
ip = "195.154.1.1";
port = 443;
ssl = true;
}
{
ip = "192.154.1.1";
port = 80;
}
{
ip = "*";
port = 8080;
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.listen.*.ipIP to listen on. 0.0.0.0 for IPv4 only, * for all.
Type: string
Default: "*"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.listen.*.portPort to listen on
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.listen.*.sslWhether to enable SSL (https) support.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.listenAddressesListen addresses for this virtual host.
Compared to listen this only sets the addresses
and the ports are chosen automatically.
Type: non-empty (list of string)
Default:
[ "*" ]
Example:
[ "127.0.0.1" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.locationsDeclarative location config. See https://httpd.apache.org/docs/2.4/mod/core.html#location for details.
Type: attribute set of (submodule)
Default: { }
Example:
{
"/" = {
proxyPass = "http://localhost:3000";
};
"/foo/bar.png" = {
alias = "/home/eelco/some-file.png";
};
};
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.locations.<name>.aliasAlias directory for requests. See https://httpd.apache.org/docs/2.4/mod/mod_alias.html#alias.
Type: null or path
Default: null
Example: "/your/alias/directory"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.locations.<name>.extraConfigThese lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.locations.<name>.indexAdds DirectoryIndex directive. See https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex.
Type: null or string
Default: null
Example: "index.php index.html"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.locations.<name>.priorityOrder of this location block in relation to the others in the vhost.
The semantics are the same as with lib.mkOrder. Smaller values have
a greater priority.
Type: signed integer
Default: 1000
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.locations.<name>.proxyPassSets up a simple reverse proxy as described by https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html#simple.
Type: null or string
Default: null
Example: "http://www.example.org/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.logFormatLog format for Apache's log files. Possible values are: combined, common, referer, agent.
Type: string
Default: "common"
Example: "combined"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.onlySSLWhether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.robotsEntriesSpecification of pages to be ignored by web crawlers. See http://www.robotstxt.org/ for details.
Type: strings concatenated with "\n"
Default: ""
Example: "Disallow: /foo/"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.servedDirsThis option provides a simple way to serve static directories.
Type: list of (attribute set)
Default: [ ]
Example:
[
{
dir = "/home/eelco/Dev/nix-homepage";
urlPath = "/nix";
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.servedFilesThis option provides a simple way to serve individual, static files.
This option has been deprecated and will be removed in a future
version of NixOS. You can achieve the same result by making use of
the locations.<name>.alias option.
Type: list of (attribute set)
Default: [ ]
Example:
[
{
file = "/home/eelco/some-file.png";
urlPath = "/foo/bar.png";
}
]Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.serverAliasesAdditional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default: [ ]
Example:
[ "www.example.org" "www.example.org:8080" "example.org" ]
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.sslServerCertPath to server SSL certificate.
Type: path
Example: "/var/host.cert"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.sslServerChainPath to server SSL chain file.
Type: null or path
Default: null
Example: "/var/ca.pem"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.sslServerKeyPath to server SSL certificate key.
Type: path
Example: "/var/host.key"
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zabbixWeb.virtualHost.useACMEHostA host of an existing Let's Encrypt certificate to use.
This is useful if you have many subdomains and want to avoid hitting the
rate limit.
Alternately, you can generate a certificate through enableACME.
Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using security.acme.certs.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/services/web-apps/zabbix.nix>
|
services.zammad.enableWhether to enable Zammad, a web-based, open source user support/ticketing solution..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/development/zammad.nix>
|
services.zammad.packageZammad package to use.
Type: package
Default: pkgs.zammad
Declared by:
<nixpkgs/nixos/modules/services/development/zammad.nix>
|
services.zammad.dataDirPath to a folder that will contain Zammad working directory.
Type: path
Default: "/var/lib/zammad"
Declared by:
<nixpkgs/nixos/modules/services/development/zammad.nix>
|
services.zammad.database.createLocallyWhether to create a local database automatically.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/development/zammad.nix>
|
services.zammad.database.hostDatabase host address.
Type: null or string
Default:
{
PostgreSQL = "/run/postgresql";
MySQL = "localhost";
}.${config.services.zammad.database.type};
Declared by:
<nixpkgs/nixos/modules/services/development/zammad.nix>
|
services.zammad.database.nameDatabase name.
Type: string
Default: "zammad"
Declared by:
<nixpkgs/nixos/modules/services/development/zammad.nix>
|
services.zammad.database.passwordFileA file containing the password for services.zammad.database.user.
Type: null or path
Default: null
Example: "/run/keys/zammad-dbpassword"
Declared by:
<nixpkgs/nixos/modules/services/development/zammad.nix>
|
services.zammad.database.portDatabase port. Use null for default port.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/development/zammad.nix>
|
services.zammad.database.settingsThe database.yml configuration file as key value set.
See <TODO>
for list of configuration parameters.
Type: YAML value
Default: { }
Example:
{
}
Declared by:
<nixpkgs/nixos/modules/services/development/zammad.nix>
|
services.zammad.database.typeDatabase engine to use.
Type: one of "PostgreSQL", "MySQL"
Default: "PostgreSQL"
Example: "MySQL"
Declared by:
<nixpkgs/nixos/modules/services/development/zammad.nix>
|
services.zammad.database.userDatabase user.
Type: null or string
Default: "zammad"
Declared by:
<nixpkgs/nixos/modules/services/development/zammad.nix>
|
services.zammad.hostHost address.
Type: string
Default: "127.0.0.1"
Example: "192.168.23.42"
Declared by:
<nixpkgs/nixos/modules/services/development/zammad.nix>
|
services.zammad.openPortsWhether to open firewall ports for Zammad
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/development/zammad.nix>
|
services.zammad.portWeb service port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 3000
Declared by:
<nixpkgs/nixos/modules/services/development/zammad.nix>
|
services.zammad.secretKeyBaseFileThe path to a file containing the
secret_key_base secret.
Zammad uses secret_key_base to encrypt
the cookie store, which contains session data, and to digest
user auth tokens.
Needs to be a 64 byte long string of hexadecimal characters. You can generate one by running
openssl rand -hex 64 >/path/to/secret_key_base_file
This should be a string, not a nix path, since nix paths are copied into the world-readable nix store.
Type: null or path
Default: null
Example: "/run/keys/secret_key_base"
Declared by:
<nixpkgs/nixos/modules/services/development/zammad.nix>
|
services.zammad.websocketPortWebsocket service port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6042
Declared by:
<nixpkgs/nixos/modules/services/development/zammad.nix>
|
services.zeitgeist.enableWhether to enable zeitgeist.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/desktops/zeitgeist.nix>
|
services.zerobin.enableWhether to enable 0bin.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
|
services.zerobin.dataDirPath to the 0bin data directory
Type: string
Default: "/var/lib/zerobin"
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
|
services.zerobin.extraConfigExtra configuration to be appended to the 0bin config file (see https://0bin.readthedocs.org/en/latest/en/options.html)
Type: strings concatenated with "\n"
Default: ""
Example:
''
MENU = (
('Home', '/'),
)
COMPRESSED_STATIC_FILE = True
''Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
|
services.zerobin.groupThe group 0bin should run as
Type: string
Default: "zerobin"
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
|
services.zerobin.listenAddressThe address zerobin should listen to
Type: string
Default: "localhost"
Example: "127.0.0.1"
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
|
services.zerobin.listenPortThe port zerobin should listen on
Type: signed integer
Default: 8000
Example: 1357
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
|
services.zerobin.userThe user 0bin should run as
Type: string
Default: "zerobin"
Declared by:
<nixpkgs/nixos/modules/services/networking/zerobin.nix>
|
services.zeronet.enableWhether to enable zeronet.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
|
services.zeronet.packageZeroNet package to use
Type: package
Default: pkgs.zeronet
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
|
services.zeronet.fileserverPortZeronet fileserver port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 12261
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
|
services.zeronet.portOptional zeronet web UI port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 43110
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
|
services.zeronet.settingszeronet.conf configuration. Refer to
https://zeronet.readthedocs.io/en/latest/faq/#is-it-possible-to-use-a-configuration-file
for details on supported values;
Type: attribute set of (string or signed integer or boolean or list of string)
Default: { }
Example: { global.tor = enable; }
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
|
services.zeronet.torUse TOR for zeronet traffic where possible.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
|
services.zeronet.torAlwaysUse TOR for all zeronet traffic.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/zeronet.nix>
|
services.zerotierone.enableWhether to enable ZeroTierOne.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/zerotierone.nix>
|
services.zerotierone.packageZeroTier One package to use.
Type: package
Default: pkgs.zerotierone
Declared by:
<nixpkgs/nixos/modules/services/networking/zerotierone.nix>
|
services.zerotierone.joinNetworksList of ZeroTier Network IDs to join on startup
Type: list of string
Default: [ ]
Example:
[ "a8a2c3c10c1a68de" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/zerotierone.nix>
|
services.zerotierone.portNetwork port used by ZeroTier.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 9993
Declared by:
<nixpkgs/nixos/modules/services/networking/zerotierone.nix>
|
services.zfs.autoReplication.enableWhether to enable ZFS snapshot replication..
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/zfs-replication.nix>
|
services.zfs.autoReplication.followDeleteRemove remote snapshots that don't have a local correspondent.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/zfs-replication.nix>
|
services.zfs.autoReplication.hostRemote host where snapshots should be sent. lz4 is expected to be installed on this host.
Type: string
Example: "example.com"
Declared by:
<nixpkgs/nixos/modules/services/backup/zfs-replication.nix>
|
services.zfs.autoReplication.identityFilePathPath to SSH key used to login to host.
Type: path
Example: "/home/username/.ssh/id_rsa"
Declared by:
<nixpkgs/nixos/modules/services/backup/zfs-replication.nix>
|
services.zfs.autoReplication.localFilesystemLocal ZFS filesystem from which snapshots should be sent. Defaults to the attribute name.
Type: string
Example: "pool/file/path"
Declared by:
<nixpkgs/nixos/modules/services/backup/zfs-replication.nix>
|
services.zfs.autoReplication.recursiveRecursively discover snapshots to send.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/zfs-replication.nix>
|
services.zfs.autoReplication.remoteFilesystemRemote ZFS filesystem where snapshots should be sent.
Type: string
Example: "pool/file/path"
Declared by:
<nixpkgs/nixos/modules/services/backup/zfs-replication.nix>
|
services.zfs.autoReplication.usernameUsername used by SSH to login to remote host.
Type: string
Example: "username"
Declared by:
<nixpkgs/nixos/modules/services/backup/zfs-replication.nix>
|
services.zfs.autoScrub.enableWhether to enable periodic scrubbing of ZFS pools.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoScrub.intervalSystemd calendar expression when to scrub ZFS pools. See systemd.time(7).
Type: string
Default: "Sun, 02:00"
Example: "daily"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoScrub.poolsList of ZFS pools to periodically scrub. If empty, all pools will be scrubbed.
Type: list of string
Default: [ ]
Example:
[ "tank" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.enableEnable the (OpenSolaris-compatible) ZFS auto-snapshotting service.
Note that you must set the com.sun:auto-snapshot
property to true on all datasets which you wish
to auto-snapshot.
You can override a child dataset to use, or not use auto-snapshotting
by setting its flag with the given interval:
zfs set com.sun:auto-snapshot:weekly=false DATASET
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.dailyNumber of daily auto-snapshots that you wish to keep.
Type: signed integer
Default: 7
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.flagsFlags to pass to the zfs-auto-snapshot command.
Run zfs-auto-snapshot (without any arguments) to
see available flags.
If it's not too inconvenient for snapshots to have timestamps in UTC,
it is suggested that you append --utc to the list
of default options (see example).
Otherwise, snapshot names can cause name conflicts or apparent time reversals due to daylight savings, timezone or other date/time changes.
Type: string
Default: "-k -p"
Example: "-k -p --utc"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.frequentNumber of frequent (15-minute) auto-snapshots that you wish to keep.
Type: signed integer
Default: 4
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.hourlyNumber of hourly auto-snapshots that you wish to keep.
Type: signed integer
Default: 24
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.monthlyNumber of monthly auto-snapshots that you wish to keep.
Type: signed integer
Default: 12
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.autoSnapshot.weeklyNumber of weekly auto-snapshots that you wish to keep.
Type: signed integer
Default: 4
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.expandOnBootAfter importing, expand each device in the specified pools.
Set the value to the plain string "all" to expand all pools on boot:
services.zfs.expandOnBoot = "all";
or set the value to a list of pools to expand the disks of specific pools:
services.zfs.expandOnBoot = [ "tank" "dozer" ];
Type: one of "disabled", "all" or list of string
Default: "disabled"
Example:
[ "tank" "dozer" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.trim.enableWhether to enable periodic TRIM on all ZFS pools.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.trim.intervalHow often we run trim. For most desktop and server systems a sufficient trimming frequency is once a week.
The format is described in systemd.time(7).
Type: string
Default: "weekly"
Example: "daily"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.zed.enableMailWhether to enable ZED's ability to send emails.
Type: boolean
Default: config.boot.zfs.package.enableMail
Example: true
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zfs.zed.settingsZFS Event Daemon /etc/zfs/zed.d/zed.rc content
See zed(8) for details on ZED and the scripts in /etc/zfs/zed.d to find the possible variables
Type: attribute set of (string or signed integer or boolean or list of string)
Example:
{
ZED_DEBUG_LOG = "/tmp/zed.debug.log";
ZED_EMAIL_ADDR = [ "root" ];
ZED_EMAIL_PROG = "mail";
ZED_EMAIL_OPTS = "-s '@SUBJECT@' @ADDRESS@";
ZED_NOTIFY_INTERVAL_SECS = 3600;
ZED_NOTIFY_VERBOSE = false;
ZED_USE_ENCLOSURE_LEDS = true;
ZED_SCRUB_AFTER_RESILVER = false;
}
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems/zfs.nix>
|
services.zigbee2mqtt.enableWhether to enable zigbee2mqtt service.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/home-automation/zigbee2mqtt.nix>
|
services.zigbee2mqtt.packageZigbee2mqtt package to use
Type: package
Default:
pkgs.zigbee2mqtt
Declared by:
<nixpkgs/nixos/modules/services/home-automation/zigbee2mqtt.nix>
|
services.zigbee2mqtt.dataDirZigbee2mqtt data directory
Type: path
Default: "/var/lib/zigbee2mqtt"
Declared by:
<nixpkgs/nixos/modules/services/home-automation/zigbee2mqtt.nix>
|
services.zigbee2mqtt.settingsYour configuration.yaml as a Nix attribute set.
Check the documentation
for possible options.
Type: YAML value
Default: { }
Example:
{
homeassistant = config.services.home-assistant.enable;
permit_join = true;
serial = {
port = "/dev/ttyACM1";
};
}
Declared by:
<nixpkgs/nixos/modules/services/home-automation/zigbee2mqtt.nix>
|
services.znapzend.enableWhether to enable ZnapZend ZFS backup daemon.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.autoCreationAutomatically create the destination dataset if it does not exist.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.features.compressedWhether to enable compressed feature which adds the options -Lce to
the zfs send command. When this is enabled, make
sure that both the sending and receiving pool have the same relevant
features enabled. Using -c will skip unnecessary
decompress-compress stages, -L is for large block
support and -e is for embedded data support. see
znapzend(1)
and zfs(8)
for more info.
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.features.lowmemRecurseWhether to enable use lowmemRecurse on systems where you have too many datasets, so a recursive listing of attributes to find backup plans exhausts the memory available to znapzend: instead, go the slower way to first list all impacted dataset names, and then query their configs one by one. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.features.oracleModeWhether to enable Destroy snapshots one by one instead of using one long argument list. If source and destination are out of sync for a long time, you may have so many snapshots to destroy that the argument gets is too long and the command fails. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.features.recvuWhether to enable recvu feature which uses -u on the receiving end to keep the destination
filesystem unmounted.
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.features.sendRawWhether to enable sendRaw feature which adds the options -w to the
zfs send command. For encrypted source datasets this
instructs zfs not to decrypt before sending which results in a remote
backup that can't be read without the encryption key/passphrase, useful
when the remote isn't fully trusted or not physically secure. This
option must be used consistently, raw incrementals cannot be based on
non-raw snapshots and vice versa.
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.features.skipIntermediatesWhether to enable Enable the skipIntermediates feature to send a single increment between latest common snapshot and the newly made one. It may skip several source snaps if the destination was offline for some time, and it should skip snapshots not managed by znapzend. Normally for online destinations, the new snapshot is sent as soon as it is created on the source, so there are no automatic increments to skip. .
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.features.zfsGetTypeWhether to enable use zfsGetType if your zfs get supports a
-t argument for filtering by dataset type at all AND
lists properties for snapshots by default when recursing, so that there
is too much data to process while searching for backup plans.
If these two conditions apply to your system, the time needed for a
--recursive search for backup plans can literally
differ by hundreds of times (depending on the amount of snapshots in
that dataset tree... and a decent backup plan will ensure you have a lot
of those), so you would benefit from requesting this feature.
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.logLevelThe log level when logging to file. Any of debug, info, warning, err, alert. Default in daemonized form is debug.
Type: one of "debug", "info", "warning", "err", "alert"
Default: "debug"
Example: "warning"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.logToWhere to log to (syslog::<facility> or <filepath>).
Type: string
Default: "syslog::daemon"
Example: "/var/log/znapzend.log"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.noDestroyDoes all changes to the filesystem except destroy.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.pureDo not persist any stateful znapzend setups. If this option is enabled, your previously set znapzend setups will be cleared and only the ones defined with this module will be applied.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetupZnapzend configuration.
Type: attribute set of (submodule)
Default: { }
Example:
{
"tank/home" = {
# Make snapshots of tank/home every hour, keep those for 1 day,
# keep every days snapshot for 1 month, etc.
plan = "1d=>1h,1m=>1d,1y=>1m";
recursive = true;
# Send all those snapshots to john@example.com:rtank/john as well
destinations.remote = {
host = "john@example.com";
dataset = "rtank/john";
};
};
};
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.enableWhether to enable this source.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.datasetThe dataset to use for this source.
Type: string
Example: "tank/home"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.destinationsAdditional destinations.
Type: attribute set of (submodule)
Default: { }
Example:
{
local = {
dataset = "btank/backup";
presend = "zpool import -N btank";
postsend = "zpool export btank";
};
remote = {
host = "john@example.com";
dataset = "tank/john";
};
};
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.destinations.<name>.datasetDataset name to send snapshots to.
Type: string
Example: "tank/main"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.destinations.<name>.hostHost to use for the destination dataset. Can be prefixed with
user@ to specify the ssh user.
Type: null or string
Default: null
Example: "john@example.com"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.destinations.<name>.labelLabel for this destination. Defaults to the attribute name.
Type: string
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.destinations.<name>.planThe znapzend backup plan to use for the source.
The plan specifies how often to backup and for how long to keep the backups. It consists of a series of retention periods to interval associations:
retA=>intA,retB=>intB,...
Both intervals and retention periods are expressed in standard units of time or multiples of them. You can use both the full name or a shortcut according to the following listing:
second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y
See znapzendzetup(1) for more info.
Type: string
Example: "1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.destinations.<name>.postsendCommand to run after sending the snapshot to the destination.
Intended to run a remote script via ssh on the
destination, e.g. to bring up a backup disk or server or to put a
zpool online/offline. See also presend.
Type: null or string
Default: null
Example: "ssh root@bserv zpool export tank"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.destinations.<name>.presendCommand to run before sending the snapshot to the destination.
Intended to run a remote script via ssh on the
destination, e.g. to bring up a backup disk or server or to put a
zpool online/offline. See also postsend.
Type: null or string
Default: null
Example: "ssh root@bserv zpool import -Nf tank"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.mbuffer.enableWhether to use mbuffer.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.mbuffer.portPort to use for mbuffer.
If this is null, it will run mbuffer through ssh.
If this is not null, it will run mbuffer directly through TCP, which is not encrypted but faster. In that case the given port needs to be open on the destination host.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.mbuffer.sizeThe size for mbuffer. Supports the units b, k, M, G.
Type: string of the form number{b|k|M|G}
Default: "1G"
Example: "128M"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.planThe znapzend backup plan to use for the source.
The plan specifies how often to backup and for how long to keep the backups. It consists of a series of retention periods to interval associations:
retA=>intA,retB=>intB,...
Both intervals and retention periods are expressed in standard units of time or multiples of them. You can use both the full name or a shortcut according to the following listing:
second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y
See znapzendzetup(1) for more info.
Type: string
Example: "1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.postsnapCommand to run after snapshots are taken on the source dataset,
e.g. for database unlocking. See also presnap.
Type: null or string
Default: null
Example:
"${pkgs.coreutils}/bin/kill `${pkgs.coreutils}/bin/cat /tmp/mariadblock.pid`;${pkgs.coreutils}/bin/rm /tmp/mariadblock.pid"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.presnapCommand to run before snapshots are taken on the source dataset,
e.g. for database locking/flushing. See also
postsnap.
Type: null or string
Default: null
Example:
''${pkgs.mariadb}/bin/mysql -e "set autocommit=0;flush tables with read lock;\\! ${pkgs.coreutils}/bin/sleep 600" & ${pkgs.coreutils}/bin/echo $! > /tmp/mariadblock.pid ; sleep 10''
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.recursiveWhether to do recursive snapshots.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.sendDelaySpecify delay (in seconds) before sending snaps to the destination. May be useful if you want to control sending time.
Type: signed integer
Default: 0
Example: 60
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znapzend.zetup.<name>.timestampFormatThe timestamp format to use for constructing snapshot names.
The syntax is strftime-like. The string must
consist of the mandatory %Y %m %d %H %M %S.
Optionally - _ . : characters as well as any
alphanumeric character are allowed. If suffixed by a
Z, times will be in UTC.
Type: string containing all of the characters %Y, %m, %d, %H, %M, %S
Default: "%Y-%m-%d-%H%M%S"
Example: "znapzend-%m.%d.%Y-%H%M%SZ"
Declared by:
<nixpkgs/nixos/modules/services/backup/znapzend.nix>
|
services.znc.enableWhether to enable ZNC.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
|
services.znc.confOptions.extraZncConfExtra config to znc.conf file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.confOptions.modulesA list of modules to include in the znc.conf file.
Type: list of string
Default:
[ "webadmin" "adminlog" ]
Example:
[ "partyline" "webadmin" "adminlog" "log" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.confOptions.networksIRC networks to connect the user to.
Type: attribute set of (submodule)
Default: { }
Example:
{
"libera" = {
server = "irc.libera.chat";
port = 6697;
useSSL = true;
modules = [ "simple_away" ];
};
};
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.confOptions.networks.<name>.channelsIRC channels to join.
Type: list of string
Default: [ ]
Example:
[ "nixos" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.confOptions.networks.<name>.extraConfExtra config for the network. Consider using
services.znc.config instead.
Type: strings concatenated with "\n"
Default: ""
Example:
'' Encoding = ^UTF-8 FloodBurst = 4 FloodRate = 1.00 IRCConnectEnabled = true Ident = johntron JoinDelay = 0 Nick = johntron ''
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.confOptions.networks.<name>.hasBitlbeeControlChannelWhether to add the special Bitlbee operations channel.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.confOptions.networks.<name>.modulesZNC network modules to load.
Type: list of string
Default:
[ "simple_away" ]
Example: [ "simple_away" "sasl" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.confOptions.networks.<name>.passwordIRC server password, such as for a Slack gateway.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.confOptions.networks.<name>.portIRC server port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6697
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.confOptions.networks.<name>.serverIRC server address.
Type: string
Example: "irc.libera.chat"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.confOptions.networks.<name>.useSSLWhether to use SSL to connect to the IRC server.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.confOptions.nickThe IRC nick.
Type: string
Default: "znc-user"
Example: "john"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.confOptions.passBlockGenerate with nix-shell -p znc --command "znc --makepass".
This is the password used to log in to the ZNC web admin interface.
You can also set this through
services.znc.config.User.<username>.Pass.Method
and co.
Type: string
Example:
''
<Pass password>
Method = sha256
Hash = e2ce303c7ea75c571d80d8540a8699b46535be6a085be3414947d638e48d9e93
Salt = l5Xryew4g*!oa(ECfX2o
</Pass>
''Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.confOptions.portSpecifies the port on which to listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 5000
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.confOptions.uriPrefixAn optional URI prefix for the ZNC web interface. Can be used to make ZNC available behind a reverse proxy.
Type: null or string
Default: null
Example: "/znc/"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.confOptions.useSSLIndicates whether the ZNC server should use SSL when listening on the specified port. A self-signed certificate will be generated.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.confOptions.userModulesA list of user modules to include in the znc.conf file.
Type: list of string
Default:
[ "chansaver" "controlpanel" ]
Example:
[ "chansaver" "controlpanel" "fish" "push" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.confOptions.userNameThe user name used to log in to the ZNC web admin interface.
Type: string
Default: "znc"
Example: "johntron"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.configConfiguration for ZNC, see
https://wiki.znc.in/Configuration for details. The
Nix value declared here will be translated directly to the xml-like
format ZNC expects. This is much more flexible than the legacy options
under services.znc.confOptions.*, but also can't do
any type checking.
You can use nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.services.znc.config to view the current value. By default it contains a listener for port 5000 with SSL enabled.
Nix attributes called extraConfig will be inserted
verbatim into the resulting config file.
If services.znc.useLegacyConfig is turned on, the
option values in services.znc.confOptions.* will be
gracefully be applied to this option.
If you intend to update the configuration through this option, be sure
to enable services.znc.mutable, otherwise none of the
changes here will be applied after the initial deploy.
Type: attribute set of (znc values (null, atoms (str, int, bool), list of atoms, or attrsets of znc values))
Default: { }
Example:
{
LoadModule = [ "webadmin" "adminlog" ];
User.paul = {
Admin = true;
Nick = "paul";
AltNick = "paul1";
LoadModule = [ "chansaver" "controlpanel" ];
Network.libera = {
Server = "irc.libera.chat +6697";
LoadModule = [ "simple_away" ];
Chan = {
"#nixos" = { Detached = false; };
"##linux" = { Disabled = true; };
};
};
Pass.password = {
Method = "sha256";
Hash = "e2ce303c7ea75c571d80d8540a8699b46535be6a085be3414947d638e48d9e93";
Salt = "l5Xryew4g*!oa(ECfX2o";
};
};
}
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
|
services.znc.configFileConfiguration file for ZNC. It is recommended to use the
config option instead.
Setting this option will override any auto-generated config file
through the confOptions or config
options.
Type: path
Example: ~/.znc/configs/znc.conf
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
|
services.znc.dataDirThe state directory for ZNC. The config and the modules will be linked to from this directory as well.
Type: path
Default: "/var/lib/znc"
Example: "/home/john/.znc"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
|
services.znc.extraFlagsExtra arguments to use for executing znc.
Type: list of string
Default: [ ]
Example:
[ "--debug" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
|
services.znc.groupGroup to own the ZNC process.
Type: string
Default: "znc"
Example: "users"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
|
services.znc.modulePackagesA list of global znc module packages to add to znc.
Type: list of package
Default: [ ]
Example: [ pkgs.zncModules.fish pkgs.zncModules.push ]
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
|
services.znc.mutableIndicates whether to allow the contents of the
dataDir directory to be changed by the user at
run-time.
If enabled, modifications to the ZNC configuration after its initial creation are not overwritten by a NixOS rebuild. If disabled, the ZNC configuration is rebuilt on every NixOS rebuild.
If the user wants to manage the ZNC service using the web admin interface, this option should be enabled.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
|
services.znc.openFirewallWhether to open ports in the firewall for ZNC. Does work with
ports for listeners specified in
services.znc.config.Listener.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
|
services.znc.useLegacyConfigWhether to propagate the legacy options under
services.znc.confOptions.* to the znc config. If this
is turned on, the znc config will contain a user with the default name
"znc", global modules "webadmin" and "adminlog" will be enabled by
default, and more, all controlled through the
services.znc.confOptions.* options.
You can use nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.services.znc.config
to view the current value of the config.
In any case, if you need more flexibility,
services.znc.config can be used to override/add to
all of the legacy options.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/options.nix>
|
services.znc.userThe name of an existing user account to use to own the ZNC server process. If not specified, a default user will be created.
Type: string
Default: "znc"
Example: "john"
Declared by:
<nixpkgs/nixos/modules/services/networking/znc/default.nix>
|
services.zoneminder.enableWhether to enable ZoneMinder
If you intend to run the database locally, you should set
config.services.zoneminder.database.createLocally to true. Otherwise,
when set to false (the default), you will have to create the database
and database user as well as populate the database yourself.
Additionally, you will need to run zmupdate.pl yourself when
upgrading to a newer version.
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
|
services.zoneminder.camerasSet this to the number of cameras you expect to support.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
|
services.zoneminder.database.createLocallyCreate the database and database user locally.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
|
services.zoneminder.database.hostHostname hosting the database.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
|
services.zoneminder.database.nameName of database.
Type: string
Default: "zm"
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
|
services.zoneminder.database.passwordUsername for accessing the database.
Not used if createLocally is set.
Type: string
Default: "zmpass"
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
|
services.zoneminder.database.usernameUsername for accessing the database.
Type: string
Default: "zmuser"
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
|
services.zoneminder.extraConfigAdditional configuration added verbatim to the configuration file.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
|
services.zoneminder.hostnameThe hostname on which to listen.
Type: string
Default: "localhost"
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
|
services.zoneminder.openFirewallOpen the firewall port(s).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
|
services.zoneminder.portThe port on which to listen.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 8095
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
|
services.zoneminder.storageDirZoneMinder can generate quite a lot of data, so in case you don't want to use the default /var/lib/zoneminder, you can override the path here.
Type: null or string
Default: null
Example: "/storage/tank"
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
|
services.zoneminder.webserverThe webserver to configure for the PHP frontend.
Set it to none if you want to configure it yourself. PRs are welcome
for support for other web servers.
Type: one of "nginx", "none"
Default: "nginx"
Declared by:
<nixpkgs/nixos/modules/services/misc/zoneminder.nix>
|
services.zookeeper.enableWhether to enable Zookeeper.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.packageThe zookeeper package to use
Type: package
Default: pkgs.zookeeper
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.dataDirData directory for Zookeeper
Type: path
Default: "/var/lib/zookeeper"
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.extraCmdLineOptionsExtra command line options for the Zookeeper launcher.
Type: list of string
Default:
[ "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.local.only=true" ]
Example:
[ "-Djava.net.preferIPv4Stack=true" "-Dcom.sun.management.jmxremote" "-Dcom.sun.management.jmxremote.local.only=true" ]
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.extraConfExtra configuration for Zookeeper.
Type: strings concatenated with "\n"
Default:
'' initLimit=5 syncLimit=2 tickTime=2000 ''
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.idZookeeper ID.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.jreThe JRE with which to run Zookeeper
Type: package
Default: pkgs.zookeeper.jre
Example: pkgs.jre
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.loggingZookeeper logging configuration.
Type: strings concatenated with "\n"
Default:
''
zookeeper.root.logger=INFO, CONSOLE
log4j.rootLogger=INFO, CONSOLE
log4j.logger.org.apache.zookeeper.audit.Log4jAuditLogger=INFO, CONSOLE
log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern=[myid:%X{myid}] - %-5p [%t:%C{1}@%L] - %m%n
''Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.portZookeeper Client port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2181
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.preferIPv4Add the -Djava.net.preferIPv4Stack=true flag to the Zookeeper server.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.purgeIntervalThe time interval in hours for which the purge task has to be triggered. Set to a positive integer (1 and above) to enable the auto purging.
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zookeeper.serversAll Zookeeper Servers.
Type: strings concatenated with "\n"
Default: ""
Example:
'' server.0=host0:2888:3888 server.1=host1:2888:3888 server.2=host2:2888:3888 ''
Declared by:
<nixpkgs/nixos/modules/services/misc/zookeeper.nix>
|
services.zope2.instanceszope2 instances to be created automatically by the system.
Type: attribute set of (submodule)
Default: { }
Example:
{
plone01 = {
http_address = "127.0.0.1:8080";
extra =
''
<zodb_db main>
mount-point /
cache-size 30000
<blobstorage>
blob-dir /var/lib/zope2/plone01/blobstorage
<filestorage>
path /var/lib/zope2/plone01/filestorage/Data.fs
</filestorage>
</blobstorage>
</zodb_db>
'';
};
}
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
|
services.zope2.instances.<name>.packagesThe list of packages you want to make available to the zope2 instance.
Type: list of package
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
|
services.zope2.instances.<name>.clientHomeHome directory of zope2 instance.
Type: path
Default: "/var/lib/zope2/‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
|
services.zope2.instances.<name>.extraExtra zope.conf
Type: strings concatenated with "\n"
Default:
''
<zodb_db main>
mount-point /
cache-size 30000
<blobstorage>
blob-dir /var/lib/zope2/‹name›/blobstorage
<filestorage>
path /var/lib/zope2/‹name›/filestorage/Data.fs
</filestorage>
</blobstorage>
</zodb_db>
''Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
|
services.zope2.instances.<name>.http_addressGive a port and address for the HTTP server.
Type: string
Default: "localhost:8080"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
|
services.zope2.instances.<name>.nameThe name of the zope2 instance. If undefined, the name of the attribute set will be used.
Type: string
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
|
services.zope2.instances.<name>.threadsSpecify the number of threads that Zope's ZServer web server will use to service requests.
Type: signed integer
Default: 2
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
|
services.zope2.instances.<name>.userThe name of the effective user for the Zope process.
Type: string
Default: "zope2"
Declared by:
<nixpkgs/nixos/modules/services/web-servers/zope2.nix>
|
services.zrepl.enableWhether to enable zrepl.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/services/backup/zrepl.nix>
|
services.zrepl.packageWhich package to use for zrepl
Type: package
Default: pkgs.zrepl
Declared by:
<nixpkgs/nixos/modules/services/backup/zrepl.nix>
|
services.zrepl.settingsConfiguration for zrepl. See https://zrepl.github.io/configuration.html for more information.
Type: YAML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/services/backup/zrepl.nix>
|
snapraid.enableWhether to enable SnapRAID.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
|
snapraid.contentFilesSnapRAID content list files.
Type: list of string
Default: [ ]
Example:
[ "/var/snapraid.content" "/mnt/disk1/snapraid.content" "/mnt/disk2/snapraid.content" ]
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
|
snapraid.dataDisksSnapRAID data disks.
Type: attribute set of string
Default: { }
Example:
{
d1 = "/mnt/disk1/";
d2 = "/mnt/disk2/";
d3 = "/mnt/disk3/";
}Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
|
snapraid.excludeSnapRAID exclude directives.
Type: list of string
Default: [ ]
Example:
[ "*.unrecoverable" "/tmp/" "/lost+found/" ]
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
|
snapraid.extraConfigExtra config options for SnapRAID.
Type: strings concatenated with "\n"
Default: ""
Example:
'' nohidden blocksize 256 hashsize 16 autosave 500 pool /pool ''
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
|
snapraid.parityFilesSnapRAID parity files.
Type: list of string
Default: [ ]
Example:
[ "/mnt/diskp/snapraid.parity" "/mnt/diskq/snapraid.2-parity" "/mnt/diskr/snapraid.3-parity" "/mnt/disks/snapraid.4-parity" "/mnt/diskt/snapraid.5-parity" "/mnt/disku/snapraid.6-parity" ]
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
|
snapraid.scrub.intervalHow often to run snapraid scrub.
Type: string
Default: "Mon *-*-* 02:00:00"
Example: "weekly"
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
|
snapraid.scrub.olderThanNumber of days since data was last scrubbed before it can be scrubbed again.
Type: signed integer
Default: 10
Example: 20
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
|
snapraid.scrub.planPercent of the array that should be checked by snapraid scrub.
Type: signed integer
Default: 8
Example: 5
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
|
snapraid.sync.intervalHow often to run snapraid sync.
Type: string
Default: "01:00"
Example: "daily"
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
|
snapraid.touchBeforeSyncWhether snapraid touch should be run before snapraid sync.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/tasks/snapraid.nix>
|
sound.enableWhether to enable ALSA sound.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
sound.enableOSSEmulationWhether to enable ALSA OSS emulation (with certain cards sound mixing may not work!).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
sound.extraConfigSet addition configuration for system-wide alsa.
Type: strings concatenated with "\n"
Default: ""
Example:
'' defaults.pcm.!card 3 ''
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
sound.mediaKeys.enableWhether to enable volume and capture control with keyboard media keys.
You want to leave this disabled if you run a desktop environment like KDE, Gnome, Xfce, etc, as those handle such things themselves. You might want to enable this if you run a minimalistic desktop environment or work from bare linux ttys/framebuffers.
Enabling this will turn on services.actkbd.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
sound.mediaKeys.volumeStepThe value by which to increment/decrement volume on media keys.
See amixer(1) for allowed values.
Type: string
Default: "1"
Example: "1%"
Declared by:
<nixpkgs/nixos/modules/services/audio/alsa.nix>
|
specialisationAdditional configurations to build. If
inheritParentConfig is true, the system
will be based on the overall system configuration.
To switch to a specialised configuration
(e.g. fewJobsManyCores) at runtime, run:
sudo /run/current-system/specialisation/fewJobsManyCores/bin/switch-to-configuration test
Type: attribute set of (submodule)
Default: { }
Example: { fewJobsManyCores.configuration = { nix.settings = { core = 0; max-jobs = 1; }; }; }
Declared by:
<nixpkgs/nixos/modules/system/activation/specialisation.nix>
|
specialisation.<name>.configurationArbitrary NixOS configuration.
Anything you can add to a normal NixOS configuration, you can add here, including imports and config values, although nested specialisations will be ignored.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/activation/specialisation.nix>
|
specialisation.<name>.inheritParentConfigInclude the entire system's configuration. Set to false to make a completely differently configured system.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/activation/specialisation.nix>
|
swapDevicesThe swap devices and swap files. These must have been
initialised using mkswap. Each element
should be an attribute set specifying either the path of the
swap device or file (device) or the label
of the swap device (label, see
mkswap -L). Using a label is
recommended.
Type: list of (submodule)
Default: [ ]
Example:
[
{
device = "/dev/hda7";
}
{
device = "/var/swapfile";
}
{
label = "bigswap";
}
]Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.devicePath of the device or swap file.
Type: string
Example: "/dev/sda3"
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.discardPolicySpecify the discard policy for the swap device. If "once", then the whole swap space is discarded at swapon invocation. If "pages", asynchronous discard on freed pages is performed, before returning to the available pages pool. With "both", both policies are activated. See swapon(8) for more information.
Type: null or one of "once", "pages", "both"
Default: null
Example: "once"
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.encrypted.enableThe block device is backed by an encrypted one, adds this device as a initrd luks entry.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
swapDevices.*.encrypted.blkDevLocation of the backing encrypted device.
Type: null or string
Default: null
Example: "/dev/sda1"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
swapDevices.*.encrypted.keyFilePath to a keyfile used to unlock the backing encrypted
device. At the time this keyfile is accessed, the
neededForBoot filesystems (see
fileSystems.<name?>.neededForBoot)
will have been mounted under /mnt-root,
so the keyfile path should usually start with "/mnt-root/".
Type: null or string
Default: null
Example: "/mnt-root/root/.swapkey"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
swapDevices.*.encrypted.labelLabel of the unlocked encrypted device. Set fileSystems.<name?>.device to /dev/mapper/<label> to mount the unlocked device.
Type: null or string
Default: null
Example: "rootfs"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
swapDevices.*.labelLabel of the device. Can be used instead of device.
Type: string
Example: "swap"
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.optionsOptions used to mount the swap.
Type: list of non-empty string
Default:
[ "defaults" ]
Example:
[ "nofail" ]
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.prioritySpecify the priority of the swap device. Priority is a value between 0 and 32767. Higher numbers indicate higher priority. null lets the kernel choose a priority, which will show up as a negative value.
Type: null or signed integer
Default: null
Example: 2048
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.randomEncryptionEncrypt swap device with a random key. This way you won't have a persistent swap device.
HINT: run "cryptsetup benchmark" to test cipher performance on your machine.
WARNING: Don't try to hibernate when you have at least one swap partition with this option enabled! We have no way to set the partition into which hibernation image is saved, so if your image ends up on an encrypted one you would lose it!
WARNING #2: Do not use /dev/disk/by-uuid/… or /dev/disk/by-label/… as your swap device when using randomEncryption as the UUIDs and labels will get erased on every boot when the partition is encrypted. Best to use /dev/disk/by-partuuid/…
Type: (submodule) or boolean convertible to it
Default: false
Example:
{
cipher = "serpent-xts-plain64";
enable = true;
source = "/dev/random";
}Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.randomEncryption.enableEncrypt swap device with a random key. This way you won't have a persistent swap device.
WARNING: Don't try to hibernate when you have at least one swap partition with this option enabled! We have no way to set the partition into which hibernation image is saved, so if your image ends up on an encrypted one you would lose it!
WARNING #2: Do not use /dev/disk/by-uuid/… or /dev/disk/by-label/… as your swap device when using randomEncryption as the UUIDs and labels will get erased on every boot when the partition is encrypted. Best to use /dev/disk/by-partuuid/…
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.randomEncryption.allowDiscardsWhether to allow TRIM requests to the underlying device. This option has security implications; please read the LUKS documentation before activating it.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.randomEncryption.cipherUse specified cipher for randomEncryption.
Hint: Run "cryptsetup benchmark" to see which one is fastest on your machine.
Type: string
Default: "aes-xts-plain64"
Example: "serpent-xts-plain64"
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.randomEncryption.sourceDefine the source of randomness to obtain a random key for encryption.
Type: string
Default: "/dev/urandom"
Example: "/dev/random"
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
swapDevices.*.sizeIf this option is set, ‘device’ is interpreted as the path of a swapfile that will be created automatically with the indicated size (in megabytes).
Type: null or signed integer
Default: null
Example: 2048
Declared by:
<nixpkgs/nixos/modules/config/swap.nix>
|
system.activationScriptsA set of shell script fragments that are executed when a NixOS system configuration is activated. Examples are updating /etc, creating accounts, and so on. Since these are executed every time you boot the system or run nixos-rebuild, it's important that they are idempotent and fast.
Type: attribute set of (string or (submodule))
Default: { }
Example:
{ stdio.text =
''
# Needed by some programs.
ln -sfn /proc/self/fd /dev/fd
ln -sfn /proc/self/fd/0 /dev/stdin
ln -sfn /proc/self/fd/1 /dev/stdout
ln -sfn /proc/self/fd/2 /dev/stderr
'';
}
Declared by:
<nixpkgs/nixos/modules/system/activation/activation-script.nix>
|
system.autoUpgrade.enableWhether to periodically upgrade NixOS to the latest
version. If enabled, a systemd timer will run
nixos-rebuild switch --upgrade once a
day.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
|
system.autoUpgrade.allowRebootReboot the system into the new generation instead of a switch
if the new generation uses a different kernel, kernel modules
or initrd than the booted system.
See rebootWindow for configuring the times at which a reboot is allowed.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
|
system.autoUpgrade.channelThe URI of the NixOS channel to use for automatic
upgrades. By default, this is the channel set using
nix-channel (run nix-channel --list
to see the current value).
Type: null or string
Default: null
Example: "https://nixos.org/channels/nixos-14.12-small"
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
|
system.autoUpgrade.datesHow often or when upgrade occurs. For most desktop and server systems a sufficient upgrade frequency is once a day.
The format is described in systemd.time(7).
Type: string
Default: "04:40"
Example: "daily"
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
|
system.autoUpgrade.flagsAny additional flags passed to nixos-rebuild.
If you are using flakes and use a local repo you can add [ "--update-input" "nixpkgs" "--commit-lock-file" ] to update nixpkgs.
Type: list of string
Default: [ ]
Example:
[ "-I" "stuff=/home/alice/nixos-stuff" "--option" "extra-binary-caches" "http://my-cache.example.org/" ]
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
|
system.autoUpgrade.flakeThe Flake URI of the NixOS configuration to build.
Disables the option system.autoUpgrade.channel.
Type: null or string
Default: null
Example: "github:kloenk/nix"
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
|
system.autoUpgrade.operationWhether to run
nixos-rebuild switch --upgrade or run
nixos-rebuild boot --upgrade
Type: one of "switch", "boot"
Default: "switch"
Example: "boot"
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
|
system.autoUpgrade.persistentTakes a boolean argument. If true, the time when the service unit was last triggered is stored on disk. When the timer is activated, the service unit is triggered immediately if it would have been triggered at least once during the time when the timer was inactive. Such triggering is nonetheless subject to the delay imposed by RandomizedDelaySec=. This is useful to catch up on missed runs of the service when the system was powered down.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
|
system.autoUpgrade.randomizedDelaySecAdd a randomized delay before each automatic upgrade. The delay will be chosen between zero and this value. This value must be a time span in the format specified by systemd.time(7)
Type: string
Default: "0"
Example: "45min"
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
|
system.autoUpgrade.rebootWindowDefine a lower and upper time value (in HH:MM format) which
constitute a time window during which reboots are allowed after an upgrade.
This option only has an effect when allowReboot is enabled.
The default value of null means that reboots are allowed at any time.
Type: null or (submodule)
Default: null
Example:
{
lower = "01:00";
upper = "05:00";
}Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
|
system.autoUpgrade.rebootWindow.lowerLower limit of the reboot window
Type: string matching the pattern [[:digit:]]{2}:[[:digit:]]{2}
Example: "01:00"
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
|
system.autoUpgrade.rebootWindow.upperUpper limit of the reboot window
Type: string matching the pattern [[:digit:]]{2}:[[:digit:]]{2}
Example: "05:00"
Declared by:
<nixpkgs/nixos/modules/tasks/auto-upgrade.nix>
|
system.buildAttribute set of derivations used to set up the system.
Type: lazy attribute set of unspecified value
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/build.nix>
|
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
system.build.toplevelThis option contains the store path that typically represents a NixOS system.
You can read this path in a custom deployment tool for example.
Type: package (read only)
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
system.configurationRevisionThe Git revision of the top-level flake from which this configuration was built.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/misc/version.nix>
|
system.copySystemConfigurationIf enabled, copies the NixOS configuration file
(usually /etc/nixos/configuration.nix)
and links it from the resulting system
(getting to /run/current-system/configuration.nix).
Note that only this single file is copied, even if it imports others.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
system.extraDependenciesA list of packages that should be included in the system closure but not otherwise made available to users. This is primarily used by the installation tests.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
system.forbiddenDependenciesRegexA POSIX Extended Regular Expression that matches store paths that
should not appear in the system closure, with the exception of system.extraDependencies, which is not checked.
Type: string
Default: ""
Example: "-dev$"
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
system.nameThe name of the system used in the system.build.toplevel derivation.
That derivation has the following name:
"nixos-system-${config.system.name}-${config.system.nixos.label}"
Type: string
Default:
if config.networking.hostName == "" then "unnamed" else config.networking.hostName;
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
system.nixos.codeNameThe NixOS release code name (e.g. Emu).
Type: string (read only)
Default: "Stoat"
Declared by:
<nixpkgs/nixos/modules/misc/version.nix>
|
system.nixos.labelNixOS version name to be used in the names of generated outputs and boot labels.
If you ever wanted to influence the labels in your GRUB menu, this is the option for you.
It can only contain letters, numbers and the following symbols:
:, _, . and -.
The default is system.nixos.tags separated by
"-" + "-" + NIXOS_LABEL_VERSION environment
variable (defaults to the value of
system.nixos.version).
Can be overridden by setting NIXOS_LABEL.
Useful for not loosing track of configurations built from different nixos branches/revisions, e.g.:
#!/bin/sh
today=`date +%Y%m%d`
branch=`(cd nixpkgs ; git branch 2>/dev/null | sed -n '/^\* / { s|^\* ||; p; }')`
revision=`(cd nixpkgs ; git rev-parse HEAD)`
export NIXOS_LABEL_VERSION="$today.$branch-${revision:0:7}"
nixos-rebuild switch
Type: string matching the pattern [a-zA-Z0-9:_\.-]*
Declared by:
<nixpkgs/nixos/modules/misc/label.nix>
|
system.nixos.releaseThe NixOS release (e.g. 16.03).
Type: string (read only)
Default: "23.05"
Declared by:
<nixpkgs/nixos/modules/misc/version.nix>
|
system.nixos.tagsStrings to prefix to the default
system.nixos.label.
Useful for not loosing track of configurations built with different options, e.g.:
{
system.nixos.tags = [ "with-xen" ];
virtualisation.xen.enable = true;
}
Type: list of string
Default: [ ]
Example:
[ "with-xen" ]
Declared by:
<nixpkgs/nixos/modules/misc/label.nix>
|
system.nssDatabases.groupList of group entries to configure in /etc/nsswitch.conf.
Note that "files" is always prepended while "systemd" is appended if nscd is enabled.
This option only takes effect if nscd is enabled.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/nsswitch.nix>
|
system.nssDatabases.hostsList of hosts entries to configure in /etc/nsswitch.conf.
Note that "files" is always prepended, and "dns" and "myhostname" are always appended.
This option only takes effect if nscd is enabled.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/nsswitch.nix>
|
system.nssDatabases.passwdList of passwd entries to configure in /etc/nsswitch.conf.
Note that "files" is always prepended while "systemd" is appended if nscd is enabled.
This option only takes effect if nscd is enabled.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/nsswitch.nix>
|
system.nssDatabases.servicesList of services entries to configure in /etc/nsswitch.conf.
Note that "files" is always prepended.
This option only takes effect if nscd is enabled.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/nsswitch.nix>
|
system.nssDatabases.shadowList of shadow entries to configure in /etc/nsswitch.conf.
Note that "files" is always prepended.
This option only takes effect if nscd is enabled.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/nsswitch.nix>
|
system.replaceRuntimeDependenciesList of packages to override without doing a full rebuild. The original derivation and replacement derivation must have the same name length, and ideally should have close-to-identical directory layout.
Type: list of (submodule)
Default: [ ]
Example: [ ({ original = pkgs.openssl; replacement = pkgs.callPackage /path/to/openssl { }; }) ]
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
system.replaceRuntimeDependencies.*.originalThe original package to override.
Type: package
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
system.replaceRuntimeDependencies.*.replacementThe replacement package.
Type: package
Declared by:
<nixpkgs/nixos/modules/system/activation/top-level.nix>
|
system.stateVersionEvery once in a while, a new NixOS release may change configuration defaults in a way incompatible with stateful data. For instance, if the default version of PostgreSQL changes, the new version will probably be unable to read your existing databases. To prevent such breakage, you should set the value of this option to the NixOS release with which you want to be compatible. The effect is that NixOS will use defaults corresponding to the specified release (such as using an older version of PostgreSQL). It‘s perfectly fine and recommended to leave this value at the release version of the first install of this system. Changing this option will not upgrade your system. In fact it is meant to stay constant exactly when you upgrade your system. You should only bump this option, if you are sure that you can or have migrated all state on your system which is affected by this option.
Type: string
Default: config.system.nixos.release
Declared by:
<nixpkgs/nixos/modules/misc/version.nix>
|
system.userActivationScriptsA set of shell script fragments that are executed by a systemd user service when a NixOS system configuration is activated. Examples are rebuilding the .desktop file cache for showing applications in the menu. Since these are executed every time you run nixos-rebuild, it's important that they are idempotent and fast.
Type: attribute set of (string or (submodule))
Default: { }
Example:
{ plasmaSetup = {
text = ''
${pkgs.libsForQt5.kservice}/bin/kbuildsycoca5"
'';
deps = [];
};
}
Declared by:
<nixpkgs/nixos/modules/system/activation/activation-script.nix>
|
systemd.enableCgroupAccountingWhether to enable cgroup accounting.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.enableEmergencyModeWhether to enable emergency mode, which is an sulogin shell started on the console if mounting a filesystem fails. Since some machines (like EC2 instances) have no console of any kind, emergency mode doesn't make sense, and it's better to continue with the boot insofar as possible.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/emergency-mode.nix>
|
systemd.enableUnifiedCgroupHierarchyWhether to enable the unified cgroup hierarchy (cgroupsv2).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.packageThe systemd package.
Type: package
Default: pkgs.systemd
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.packagesPackages providing systemd units and hooks.
Type: list of package
Default: [ ]
Example: [ pkgs.systemd-cryptsetup-generator ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.additionalUpstreamSystemUnitsAdditional units shipped with systemd that shall be enabled.
Type: list of string
Default: [ ]
Example:
[ "debug-shell.service" "systemd-quotacheck.service" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automountsDefinition of systemd automount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the 'where' attribute.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0) from being
started. Note that enable=true does not
make a unit start by default at boot; if you want that, see
wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.aliasesAliases of that unit.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.automountConfigEach attribute in this set specifies an option in the
[Automount] section of the unit. See
systemd.automount(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
DirectoryMode = "0775";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.descriptionDescription of this unit used in systemd messages and progress indicators.
Type: (optionally newline-terminated) single-line string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.documentationA list of URIs referencing documentation for this unit or its configuration.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.onFailureA list of one or more units that are activated when this unit enters the "failed" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.onSuccessA list of one or more units that are activated when this unit enters the "inactive" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.overrideStrategyDefines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise a drop-in file name overrides.conf.
asDropin creates a drop-in file named overrides.conf.
Mainly needed to define instances for systemd template units (e.g. systemd-nspawn@mycontainer.service).
See also systemd.unit(1).
Type: one of "asDropinIfExists", "asDropin"
Default: "asDropinIfExists"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.reloadTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be reloaded. If anything but a reload trigger changes in the unit file, the unit will be restarted instead.
Type: list of (systemd option)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
As discussed in the wantedBy option description this also creates
.requires symlinks automatically.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.requisiteSimilar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecified value
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.startLimitBurstConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.startLimitIntervalSecConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
RequiresMountsFor = "/data";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.wantedByUnits that want (i.e. depend on) this unit. The default method for
starting a unit by default at boot time is to set this option to
'["multi-user.target"]' for system services. Likewise for user units
(systemd.user.<name>.*) set it to ["default.target"] to make a unit
start by default when the user <name> logs on.
This option creates a .wants symlink in the given target that exists
statelessly without the need for running systemctl enable.
The in systemd.unit(5) manpage described [Install] section however is
not supported because it is a stateful process that does not fit well
into the NixOS design.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.wantsStart the specified units when this unit is started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.automounts.*.whereAbsolute path of a directory of the mount point. Will be created if it doesn't exist. (Mandatory)
Type: string
Example: "/mnt"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.coredump.enableWhether core dumps should be processed by systemd-coredump. If disabled, core dumps appear in the current directory of the crashing process.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/coredump.nix>
|
systemd.coredump.extraConfigExtra config options for systemd-coredump. See coredump.conf(5) man page for available options.
Type: strings concatenated with "\n"
Default: ""
Example: "Storage=journal"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/coredump.nix>
|
systemd.ctrlAltDelUnitTarget that should be started when Ctrl-Alt-Delete is pressed.
Type: string
Default: "reboot.target"
Example: "poweroff.target"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.defaultUnitDefault unit started when the system boots.
Type: string
Default: "multi-user.target"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.extraConfigExtra config options for systemd. See systemd-system.conf(5) man page for available options.
Type: strings concatenated with "\n"
Default: ""
Example: "DefaultLimitCORE=infinity"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.generatorsDefinition of systemd generators.
For each NAME = VALUE pair of the attrSet, a link is generated from
/etc/systemd/system-generators/NAME to VALUE.
Type: attribute set of path
Default: { }
Example:
{
systemd-gpt-auto-generator = "/dev/null";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.globalEnvironmentEnvironment variables passed to all systemd units.
Type: attribute set of (null or string or path or package)
Default: { }
Example:
{
TZ = "CET";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.managerEnvironmentEnvironment variables of PID 1. These variables are not passed to started units.
Type: attribute set of (null or string or path or package)
Default: { }
Example:
{
SYSTEMD_LOG_LEVEL = "debug";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mountsDefinition of systemd mount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the 'where' attribute.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0) from being
started. Note that enable=true does not
make a unit start by default at boot; if you want that, see
wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.aliasesAliases of that unit.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.descriptionDescription of this unit used in systemd messages and progress indicators.
Type: (optionally newline-terminated) single-line string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.documentationA list of URIs referencing documentation for this unit or its configuration.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.mountConfigEach attribute in this set specifies an option in the
[Mount] section of the unit. See
systemd.mount(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
DirectoryMode = "0775";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.onFailureA list of one or more units that are activated when this unit enters the "failed" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.onSuccessA list of one or more units that are activated when this unit enters the "inactive" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.optionsOptions used to mount the file system.
Type: strings concatenated with ","
Default: ""
Example: "noatime"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.overrideStrategyDefines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise a drop-in file name overrides.conf.
asDropin creates a drop-in file named overrides.conf.
Mainly needed to define instances for systemd template units (e.g. systemd-nspawn@mycontainer.service).
See also systemd.unit(1).
Type: one of "asDropinIfExists", "asDropin"
Default: "asDropinIfExists"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.reloadTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be reloaded. If anything but a reload trigger changes in the unit file, the unit will be restarted instead.
Type: list of (systemd option)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
As discussed in the wantedBy option description this also creates
.requires symlinks automatically.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.requisiteSimilar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecified value
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.startLimitBurstConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.startLimitIntervalSecConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.typeFile system type.
Type: string
Default: ""
Example: "ext4"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
RequiresMountsFor = "/data";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.wantedByUnits that want (i.e. depend on) this unit. The default method for
starting a unit by default at boot time is to set this option to
'["multi-user.target"]' for system services. Likewise for user units
(systemd.user.<name>.*) set it to ["default.target"] to make a unit
start by default when the user <name> logs on.
This option creates a .wants symlink in the given target that exists
statelessly without the need for running systemctl enable.
The in systemd.unit(5) manpage described [Install] section however is
not supported because it is a stateful process that does not fit well
into the NixOS design.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.wantsStart the specified units when this unit is started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.whatAbsolute path of device node, file or other resource. (Mandatory)
Type: string
Example: "/dev/sda1"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.mounts.*.whereAbsolute path of a directory of the mount point. Will be created if it doesn't exist. (Mandatory)
Type: string
Example: "/mnt"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.network.enableWhether to enable networkd or not.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.configDefinition of global systemd network config.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.config.addRouteTablesToIPRoute2If true and routeTables are set, then the specified route tables will also be installed into /etc/iproute2/rt_tables.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.config.dhcpV4ConfigEach attribute in this set specifies an option in the
[DHCPv4] section of the networkd config.
See networkd.conf(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
DUIDType = "vendor";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.config.dhcpV6ConfigEach attribute in this set specifies an option in the
[DHCPv6] section of the networkd config.
See networkd.conf(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
DUIDType = "vendor";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.config.networkConfigEach attribute in this set specifies an option in the
[Network] section of the networkd config.
See networkd.conf(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
ManageForeignRoutingPolicyRules = false;
SpeedMeter = true;
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.config.routeTablesDefines route table names as an attrset of name to number. See networkd.conf(5) for details.
Type: attribute set of signed integer
Default: { }
Example:
{
foo = 27;
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.linksDefinition of systemd network links.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.links.<name>.enableWhether to enable this .link unit. It's handled by udev no matter if systemd-networkd is enabled or not
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.links.<name>.extraConfigExtra configuration append to unit
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.links.<name>.linkConfigEach attribute in this set specifies an option in the
[Link] section of the unit. See
systemd.link(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
MACAddress = "00:ff:ee:aa:cc:dd";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.links.<name>.matchConfigEach attribute in this set specifies an option in the
[Match] section of the unit. See
systemd.link(5)
systemd.netdev(5)
systemd.network(5)
for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Name = "eth0";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevsDefinition of systemd network devices.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.enableWhether to manage network configuration using systemd-network.
This also enables systemd.networkd.enable.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.batmanAdvancedConfigEach attribute in this set specifies an option in the
[BatmanAdvanced] section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
GatewayMode = "server";
RoutingAlgorithm = "batman-v";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.bondConfigEach attribute in this set specifies an option in the
[Bond] section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Mode = "802.3ad";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.extraConfigExtra configuration append to unit
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.fooOverUDPConfigEach attribute in this set specifies an option in the
[FooOverUDP] section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Port = 9001;
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.macvlanConfigEach attribute in this set specifies an option in the
[MACVLAN] section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Mode = "private";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.matchConfigEach attribute in this set specifies an option in the
[Match] section of the unit. See
systemd.link(5)
systemd.netdev(5)
systemd.network(5)
for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Name = "eth0";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.netdevConfigEach attribute in this set specifies an option in the
[Netdev] section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of (systemd option)
Example:
{
Kind = "bridge";
Name = "mybridge";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.peerConfigEach attribute in this set specifies an option in the
[Peer] section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Name = "veth2";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.tapConfigEach attribute in this set specifies an option in the
[Tap] section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
User = "openvpn";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.tunConfigEach attribute in this set specifies an option in the
[Tun] section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
User = "openvpn";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.tunnelConfigEach attribute in this set specifies an option in the
[Tunnel] section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Remote = "192.168.1.1";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.vlanConfigEach attribute in this set specifies an option in the
[VLAN] section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Id = 4;
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.vrfConfigEach attribute in this set specifies an option in the
[VRF] section of the unit. See
systemd.netdev(5) for details.
A detailed explanation about how VRFs work can be found in the
kernel docs.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Table = 2342;
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.vxlanConfigEach attribute in this set specifies an option in the
[VXLAN] section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of (systemd option)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.wireguardConfigEach attribute in this set specifies an option in the
[WireGuard] section of the unit. See
systemd.netdev(5) for details.
Use PrivateKeyFile instead of
PrivateKey: the nix store is
world-readable.
Type: attribute set of (systemd option)
Default: { }
Example:
{
FirewallMark = 42;
ListenPort = 51820;
PrivateKeyFile = "/etc/wireguard/secret.key";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.wireguardPeersEach item in this array specifies an option in the
[WireGuardPeer] section of the unit. See
systemd.netdev(5) for details.
Use PresharedKeyFile instead of
PresharedKey: the nix store is
world-readable.
Type: list of (submodule)
Default: [ ]
Example:
[
{
wireguardPeerConfig = {
AllowedIPs = [
"10.0.0.1/32"
];
Endpoint = "192.168.1.1:51820";
PersistentKeepalive = 15;
PresharedKeyFile = "/etc/wireguard/psk.key";
PublicKey = "27s0OvaBBdHoJYkH9osZpjpgSOVNw+RaKfboT/Sfq0g=";
};
}
]Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.wireguardPeers.*.wireguardPeerConfigEach attribute in this set specifies an option in the
[WireGuardPeer] section of the unit. See
systemd.network(5) for details.
Type: attribute set of (systemd option)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.netdevs.<name>.xfrmConfigEach attribute in this set specifies an option in the
[Xfrm] section of the unit. See
systemd.netdev(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
InterfaceId = 1;
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networksDefinition of systemd networks.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.enableWhether to manage network configuration using systemd-network.
This also enables systemd.networkd.enable.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.DHCPWhether to enable DHCP on the interfaces matched.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.addressA list of addresses to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.addressesA list of address sections to be added to the unit. See systemd.network(5) for details.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.addresses.*.addressConfigEach attribute in this set specifies an option in the
[Address] section of the unit. See
systemd.network(5) for details.
Type: attribute set of (systemd option)
Example:
{
Address = "192.168.0.100/24";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.bondA list of bond interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.bridgeA list of bridge interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.dhcpPrefixDelegationConfigEach attribute in this set specifies an option in the
[DHCPPrefixDelegation] section of the unit. See
systemd.network(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Announce = true;
SubnetId = "auto";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.dhcpServerConfigEach attribute in this set specifies an option in the
[DHCPServer] section of the unit. See
systemd.network(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
EmitDNS = false;
PoolOffset = 50;
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.dhcpServerStaticLeasesA list of DHCPServerStaticLease sections to be added to the unit. See systemd.network(5) for details.
Type: list of (submodule)
Default: [ ]
Example:
[
{
dhcpServerStaticLeaseConfig = {
Address = "192.168.1.42";
MACAddress = "65:43:4a:5b:d8:5f";
};
}
]Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.dhcpServerStaticLeases.*.dhcpServerStaticLeaseConfigEach attribute in this set specifies an option in the
[DHCPServerStaticLease] section of the unit. See
systemd.network(5) for details.
Make sure to configure the corresponding client interface to use
ClientIdentifier=mac.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Address = "192.168.1.42";
MACAddress = "65:43:4a:5b:d8:5f";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.dhcpV4ConfigEach attribute in this set specifies an option in the
[DHCPv4] section of the unit. See
systemd.network(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
UseDNS = true;
UseRoutes = true;
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.dhcpV6ConfigEach attribute in this set specifies an option in the
[DHCPv6] section of the unit. See
systemd.network(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
UseDNS = true;
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.dnsA list of dns servers to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.domainsA list of domains to pass to the network config.
Type: null or (list of string)
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.extraConfigExtra configuration append to unit
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.gatewayA list of gateways to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.ipv6AcceptRAConfigEach attribute in this set specifies an option in the
[IPv6AcceptRA] section of the unit. See
systemd.network(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
DHCPv6Client = "always";
UseDNS = true;
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.ipv6PrefixesA list of ipv6Prefix sections to be added to the unit. See systemd.network(5) for details.
Type: list of (submodule)
Default: [ ]
Example:
[
{
ipv6PrefixConfig = {
AddressAutoconfiguration = true;
OnLink = true;
};
}
]Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.ipv6Prefixes.*.ipv6PrefixConfigEach attribute in this set specifies an option in the
[IPv6Prefix] section of the unit. See
systemd.network(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Prefix = "fd00::/64";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.ipv6RoutePrefixesA list of ipv6RoutePrefix sections to be added to the unit. See systemd.network(5) for details.
Type: list of (submodule)
Default: [ ]
Example:
[
{
ipv6RoutePrefixConfig = {
LifetimeSec = 3600;
Route = "fd00::/64";
};
}
]Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.ipv6RoutePrefixes.*.ipv6RoutePrefixConfigEach attribute in this set specifies an option in the
[IPv6RoutePrefix] section of the unit. See
systemd.network(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Route = "fd00::/64";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.ipv6SendRAConfigEach attribute in this set specifies an option in the
[IPv6SendRA] section of the unit. See
systemd.network(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
EmitDNS = true;
Managed = true;
OtherInformation = true;
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.linkConfigEach attribute in this set specifies an option in the
[Link] section of the unit. See
systemd.network(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Unmanaged = true;
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.macvlanA list of macvlan interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.matchConfigEach attribute in this set specifies an option in the
[Match] section of the unit. See
systemd.link(5)
systemd.netdev(5)
systemd.network(5)
for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Name = "eth0";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.nameThe name of the network interface to match against.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.networkConfigEach attribute in this set specifies an option in the
[Network] section of the unit. See
systemd.network(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Description = "My Network";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.ntpA list of ntp servers to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.routesA list of route sections to be added to the unit. See systemd.network(5) for details.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.routes.*.routeConfigEach attribute in this set specifies an option in the
[Route] section of the unit. See
systemd.network(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Gateway = "192.168.0.1";
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.routingPolicyRulesA list of routing policy rules sections to be added to the unit. See systemd.network(5) for details.
Type: list of (submodule)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.routingPolicyRules.*.routingPolicyRuleConfigEach attribute in this set specifies an option in the
[RoutingPolicyRule] section of the unit. See
systemd.network(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Family = "both";
IncomingInterface = "eth1";
Table = 10;
}Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.tunnelA list of tunnel interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.vlanA list of vlan interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.vrfA list of vrf interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.vxlanA list of vxlan interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.networks.<name>.xfrmA list of xfrm interfaces to be added to the network section of the unit. See systemd.network(5) for details.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.wait-online.enableWhether to enable the systemd-networkd-wait-online service.
systemd-networkd-wait-online can timeout and fail if there are no network interfaces available for it to manage. When systemd-networkd is enabled but a different service is responsible for managing the system's internet connection (for example, NetworkManager or connman are used to manage WiFi connections), this service is unnecessary and can be disabled.
Type: boolean
Default: true
Example: false
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.wait-online.anyInterfaceWhether to consider the network online when any interface is online, as opposed to all of them. This is useful on portable machines with a wired and a wireless interface, for example.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.wait-online.extraArgsExtra command-line arguments to pass to systemd-networkd-wait-online.
These also affect per-interface systemd-network-wait-online@ services.
See systemd-networkd-wait-online.service(8) for all available options.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.wait-online.ignoredInterfacesNetwork interfaces to be ignored when deciding if the system is online.
Type: list of string
Default: [ ]
Example:
[ "wg0" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.network.wait-online.timeoutTime to wait for the network to come online, in seconds. Set to 0 to disable.
Type: unsigned integer, meaning >=0
Default: 120
Example: 0
Declared by:
<nixpkgs/nixos/modules/system/boot/networkd.nix>
|
systemd.nspawnDefinition of systemd-nspawn configurations.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/nspawn.nix>
|
systemd.nspawn.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0) from being
started. Note that enable=true does not
make a unit start by default at boot; if you want that, see
wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/nspawn.nix>
|
systemd.nspawn.<name>.execConfigEach attribute in this set specifies an option in the
[Exec] section of this unit. See
systemd.nspawn(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Parameters = "/bin/sh";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/nspawn.nix>
|
systemd.nspawn.<name>.filesConfigEach attribute in this set specifies an option in the
[Files] section of this unit. See
systemd.nspawn(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Bind = [
"/home/alice"
];
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/nspawn.nix>
|
systemd.nspawn.<name>.networkConfigEach attribute in this set specifies an option in the
[Network] section of this unit. See
systemd.nspawn(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
Private = false;
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/nspawn.nix>
|
systemd.oomd.enableWhether to enable the systemd-oomd OOM killer.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/oomd.nix>
|
systemd.oomd.enableRootSliceWhether to enable oomd on the root slice (-.slice).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/oomd.nix>
|
systemd.oomd.enableSystemSliceWhether to enable oomd on the system slice (system.slice).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/oomd.nix>
|
systemd.oomd.enableUserServicesWhether to enable oomd on all user services (user@.service).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/oomd.nix>
|
systemd.oomd.extraConfigExtra config options for systemd-oomd. See man oomd.conf
for available options.
Type: attribute set of (string or signed integer or boolean)
Default: { }
Example: { DefaultMemoryPressureDurationSec = "20s"; }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/oomd.nix>
|
systemd.pathsDefinition of systemd path units.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0) from being
started. Note that enable=true does not
make a unit start by default at boot; if you want that, see
wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.aliasesAliases of that unit.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Type: (optionally newline-terminated) single-line string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.documentationA list of URIs referencing documentation for this unit or its configuration.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.onFailureA list of one or more units that are activated when this unit enters the "failed" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.onSuccessA list of one or more units that are activated when this unit enters the "inactive" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.overrideStrategyDefines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise a drop-in file name overrides.conf.
asDropin creates a drop-in file named overrides.conf.
Mainly needed to define instances for systemd template units (e.g. systemd-nspawn@mycontainer.service).
See also systemd.unit(1).
Type: one of "asDropinIfExists", "asDropin"
Default: "asDropinIfExists"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.pathConfigEach attribute in this set specifies an option in the
[Path] section of the unit. See
systemd.path(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
PathChanged = "/some/path";
Unit = "changedpath.service";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.reloadTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be reloaded. If anything but a reload trigger changes in the unit file, the unit will be restarted instead.
Type: list of (systemd option)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
As discussed in the wantedBy option description this also creates
.requires symlinks automatically.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.requisiteSimilar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecified value
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.startLimitBurstConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.startLimitIntervalSecConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
RequiresMountsFor = "/data";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.wantedByUnits that want (i.e. depend on) this unit. The default method for
starting a unit by default at boot time is to set this option to
'["multi-user.target"]' for system services. Likewise for user units
(systemd.user.<name>.*) set it to ["default.target"] to make a unit
start by default when the user <name> logs on.
This option creates a .wants symlink in the given target that exists
statelessly without the need for running systemctl enable.
The in systemd.unit(5) manpage described [Install] section however is
not supported because it is a stateful process that does not fit well
into the NixOS design.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.paths.<name>.wantsStart the specified units when this unit is started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.servicesDefinition of systemd service units.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/testing/service-runner.nix>
|
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
<nixpkgs/nixos/modules/security/systemd-confinement.nix>
|
systemd.services.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0) from being
started. Note that enable=true does not
make a unit start by default at boot; if you want that, see
wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.aliasesAliases of that unit.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.confinement.enableIf set, all the required runtime store paths for this service are
bind-mounted into a tmpfs-based
chroot(2).
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/systemd-confinement.nix>
|
systemd.services.<name>.confinement.packagesAdditional packages or strings with context to add to the closure of
the chroot. By default, this includes all the packages from the
serviceConfig.ExecReload, serviceConfig.ExecStartPost, serviceConfig.ExecStartPre, serviceConfig.ExecStop, serviceConfig.ExecStopPost and serviceConfig.ExecStart options. If you want to have all the
dependencies of this systemd unit, you can use
confinement.fullUnit.
The store paths listed in path are
not included in the closure as
well as paths from other options except those listed
above.
Type: list of (string or package)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/security/systemd-confinement.nix>
|
systemd.services.<name>.confinement.binShThe program to make available as /bin/sh inside
the chroot. If this is set to null, no
/bin/sh is provided at all.
This is useful for some applications, which for example use the system(3) library function to execute commands.
Type: null or path
Default: config.environment.binsh
Example: "${pkgs.dash}/bin/dash"
Declared by:
<nixpkgs/nixos/modules/security/systemd-confinement.nix>
|
systemd.services.<name>.confinement.fullUnitWhether to include the full closure of the systemd unit file into the chroot, instead of just the dependencies for the executables.
While it may be tempting to just enable this option to
make things work quickly, please be aware that this might add paths
to the closure of the chroot that you didn't anticipate. It's better
to use confinement.packages to explicitly add additional store paths to the
chroot.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/security/systemd-confinement.nix>
|
systemd.services.<name>.confinement.modeThe value full-apivfs (the default) sets up
private /dev, /proc,
/sys and /tmp file systems in a separate user
name space.
If this is set to chroot-only, only the file
system name space is set up along with the call to
chroot(2).
This doesn't cover network namespaces and is solely for file system level isolation.
Type: one of "full-apivfs", "chroot-only"
Default: "full-apivfs"
Declared by:
<nixpkgs/nixos/modules/security/systemd-confinement.nix>
|
systemd.services.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Type: (optionally newline-terminated) single-line string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.documentationA list of URIs referencing documentation for this unit or its configuration.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.environmentEnvironment variables passed to the service's processes.
Type: attribute set of (null or string or path or package)
Default: { }
Example:
{
LANG = "nl_NL.UTF-8";
PATH = "/foo/bar/bin";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.onFailureA list of one or more units that are activated when this unit enters the "failed" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.onSuccessA list of one or more units that are activated when this unit enters the "inactive" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.overrideStrategyDefines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise a drop-in file name overrides.conf.
asDropin creates a drop-in file named overrides.conf.
Mainly needed to define instances for systemd template units (e.g. systemd-nspawn@mycontainer.service).
See also systemd.unit(1).
Type: one of "asDropinIfExists", "asDropin"
Default: "asDropinIfExists"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.pathPackages added to the service's PATH
environment variable. Both the bin
and sbin subdirectories of each
package are added.
Type: list of (package or string)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.postStartShell commands executed after the service's main process is started.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.postStopShell commands executed after the service's main process has exited.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.preStartShell commands executed before the service's main process is started.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.preStopShell commands executed to stop the service.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.reloadShell commands executed when the service's main process is reloaded.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.reloadIfChangedWhether the service should be reloaded during a NixOS
configuration switch if its definition has changed. If
enabled, the value of restartIfChanged is
ignored.
This option should not be used anymore in favor of
reloadTriggers which allows more granular
control of when a service is reloaded and when a service
is restarted.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.reloadTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be reloaded. If anything but a reload trigger changes in the unit file, the unit will be restarted instead.
Type: list of (systemd option)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
As discussed in the wantedBy option description this also creates
.requires symlinks automatically.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.requisiteSimilar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.restartIfChangedWhether the service should be restarted during a NixOS configuration switch if its definition has changed.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecified value
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.scriptShell commands executed as the service's main process.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.scriptArgsArguments passed to the main process script.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.serviceConfigEach attribute in this set specifies an option in the
[Service] section of the unit. See
systemd.service(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
RestartSec = 5;
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.startAtAutomatically start this unit at the given date/time, which
must be in the format described in
systemd.time(7). This is equivalent
to adding a corresponding timer unit with
OnCalendar set to the value given here.
Type: string or list of string
Default: [ ]
Example: "Sun 14:00:00"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.startLimitBurstConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.startLimitIntervalSecConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.stopIfChangedIf set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one.
Otherwise, it is restarted in a single step using
systemctl restart in the new configuration.
The latter is less correct because it runs the
ExecStop commands from the new
configuration.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
RequiresMountsFor = "/data";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.wantedByUnits that want (i.e. depend on) this unit. The default method for
starting a unit by default at boot time is to set this option to
'["multi-user.target"]' for system services. Likewise for user units
(systemd.user.<name>.*) set it to ["default.target"] to make a unit
start by default when the user <name> logs on.
This option creates a .wants symlink in the given target that exists
statelessly without the need for running systemctl enable.
The in systemd.unit(5) manpage described [Install] section however is
not supported because it is a stateful process that does not fit well
into the NixOS design.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.services.<name>.wantsStart the specified units when this unit is started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.shutdownDefinition of systemd shutdown executables.
For each NAME = VALUE pair of the attrSet, a link is generated from
/etc/systemd/system-shutdown/NAME to VALUE.
Type: attribute set of path
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.shutdownRamfs.enableWhether to enable pivoting back to an initramfs for shutdown.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/shutdown.nix>
|
systemd.shutdownRamfs.contentsSet of files that have to be linked into the shutdown ramfs
Type: attribute set of (submodule)
Example:
{
"/lib/systemd/system-shutdown/zpool-sync-shutdown".source = writeShellScript "zpool" "exec ${zfs}/bin/zpool sync"
}
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/shutdown.nix>
|
systemd.shutdownRamfs.contents.<name>.enableWhether to enable copying of this file and symlinking it.
Type: boolean
Default: true
Example: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/shutdown.nix>
|
systemd.shutdownRamfs.contents.<name>.sourcePath of the source file.
Type: path
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/shutdown.nix>
|
systemd.shutdownRamfs.contents.<name>.targetPath of the symlink.
Type: path
Default: "‹name›"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/shutdown.nix>
|
systemd.shutdownRamfs.contents.<name>.textText of the file.
Type: null or strings concatenated with "\n"
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/shutdown.nix>
|
systemd.shutdownRamfs.storePathsStore paths to copy into the shutdown ramfs as well.
Type: list of (optionally newline-terminated) single-line string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/shutdown.nix>
|
systemd.sleep.extraConfigExtra config options for systemd sleep state logic. See sleep.conf.d(5) man page for available options.
Type: strings concatenated with "\n"
Default: ""
Example: "HibernateDelaySec=1h"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slicesDefinition of slice configurations.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0) from being
started. Note that enable=true does not
make a unit start by default at boot; if you want that, see
wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.aliasesAliases of that unit.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Type: (optionally newline-terminated) single-line string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.documentationA list of URIs referencing documentation for this unit or its configuration.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.onFailureA list of one or more units that are activated when this unit enters the "failed" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.onSuccessA list of one or more units that are activated when this unit enters the "inactive" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.overrideStrategyDefines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise a drop-in file name overrides.conf.
asDropin creates a drop-in file named overrides.conf.
Mainly needed to define instances for systemd template units (e.g. systemd-nspawn@mycontainer.service).
See also systemd.unit(1).
Type: one of "asDropinIfExists", "asDropin"
Default: "asDropinIfExists"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.reloadTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be reloaded. If anything but a reload trigger changes in the unit file, the unit will be restarted instead.
Type: list of (systemd option)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
As discussed in the wantedBy option description this also creates
.requires symlinks automatically.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.requisiteSimilar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecified value
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.sliceConfigEach attribute in this set specifies an option in the
[Slice] section of the unit. See
systemd.slice(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
MemoryMax = "2G";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.startLimitBurstConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.startLimitIntervalSecConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
RequiresMountsFor = "/data";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.wantedByUnits that want (i.e. depend on) this unit. The default method for
starting a unit by default at boot time is to set this option to
'["multi-user.target"]' for system services. Likewise for user units
(systemd.user.<name>.*) set it to ["default.target"] to make a unit
start by default when the user <name> logs on.
This option creates a .wants symlink in the given target that exists
statelessly without the need for running systemctl enable.
The in systemd.unit(5) manpage described [Install] section however is
not supported because it is a stateful process that does not fit well
into the NixOS design.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.slices.<name>.wantsStart the specified units when this unit is started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.socketsDefinition of systemd socket units.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0) from being
started. Note that enable=true does not
make a unit start by default at boot; if you want that, see
wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.aliasesAliases of that unit.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Type: (optionally newline-terminated) single-line string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.documentationA list of URIs referencing documentation for this unit or its configuration.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.listenDatagramsFor each item in this list, a ListenDatagram
option in the [Socket] section will be created.
Type: list of string
Default: [ ]
Example:
[ "0.0.0.0:993" "/run/my-socket" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.listenStreamsFor each item in this list, a ListenStream
option in the [Socket] section will be created.
Type: list of string
Default: [ ]
Example:
[ "0.0.0.0:993" "/run/my-socket" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.onFailureA list of one or more units that are activated when this unit enters the "failed" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.onSuccessA list of one or more units that are activated when this unit enters the "inactive" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.overrideStrategyDefines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise a drop-in file name overrides.conf.
asDropin creates a drop-in file named overrides.conf.
Mainly needed to define instances for systemd template units (e.g. systemd-nspawn@mycontainer.service).
See also systemd.unit(1).
Type: one of "asDropinIfExists", "asDropin"
Default: "asDropinIfExists"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.reloadTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be reloaded. If anything but a reload trigger changes in the unit file, the unit will be restarted instead.
Type: list of (systemd option)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
As discussed in the wantedBy option description this also creates
.requires symlinks automatically.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.requisiteSimilar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecified value
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.socketConfigEach attribute in this set specifies an option in the
[Socket] section of the unit. See
systemd.socket(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
ListenStream = "/run/my-socket";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.startLimitBurstConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.startLimitIntervalSecConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
RequiresMountsFor = "/data";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.wantedByUnits that want (i.e. depend on) this unit. The default method for
starting a unit by default at boot time is to set this option to
'["multi-user.target"]' for system services. Likewise for user units
(systemd.user.<name>.*) set it to ["default.target"] to make a unit
start by default when the user <name> logs on.
This option creates a .wants symlink in the given target that exists
statelessly without the need for running systemctl enable.
The in systemd.unit(5) manpage described [Install] section however is
not supported because it is a stateful process that does not fit well
into the NixOS design.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.sockets.<name>.wantsStart the specified units when this unit is started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.suppressedSystemUnitsA list of units to skip when generating system systemd configuration directory. This has
priority over upstream units, systemd.units, and
systemd.additionalUpstreamSystemUnits. The main purpose of this is to
prevent a upstream systemd unit from being added to the initrd with any modifications made to it
by other NixOS modules.
Type: list of string
Default: [ ]
Example:
[ "systemd-backlight@.service" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targetsDefinition of systemd target units.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0) from being
started. Note that enable=true does not
make a unit start by default at boot; if you want that, see
wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.aliasesAliases of that unit.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Type: (optionally newline-terminated) single-line string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.documentationA list of URIs referencing documentation for this unit or its configuration.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.onFailureA list of one or more units that are activated when this unit enters the "failed" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.onSuccessA list of one or more units that are activated when this unit enters the "inactive" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.overrideStrategyDefines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise a drop-in file name overrides.conf.
asDropin creates a drop-in file named overrides.conf.
Mainly needed to define instances for systemd template units (e.g. systemd-nspawn@mycontainer.service).
See also systemd.unit(1).
Type: one of "asDropinIfExists", "asDropin"
Default: "asDropinIfExists"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.reloadTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be reloaded. If anything but a reload trigger changes in the unit file, the unit will be restarted instead.
Type: list of (systemd option)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
As discussed in the wantedBy option description this also creates
.requires symlinks automatically.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.requisiteSimilar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecified value
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.startLimitBurstConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.startLimitIntervalSecConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
RequiresMountsFor = "/data";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.wantedByUnits that want (i.e. depend on) this unit. The default method for
starting a unit by default at boot time is to set this option to
'["multi-user.target"]' for system services. Likewise for user units
(systemd.user.<name>.*) set it to ["default.target"] to make a unit
start by default when the user <name> logs on.
This option creates a .wants symlink in the given target that exists
statelessly without the need for running systemctl enable.
The in systemd.unit(5) manpage described [Install] section however is
not supported because it is a stateful process that does not fit well
into the NixOS design.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.targets.<name>.wantsStart the specified units when this unit is started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timersDefinition of systemd timer units.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0) from being
started. Note that enable=true does not
make a unit start by default at boot; if you want that, see
wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.aliasesAliases of that unit.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Type: (optionally newline-terminated) single-line string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.documentationA list of URIs referencing documentation for this unit or its configuration.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.onFailureA list of one or more units that are activated when this unit enters the "failed" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.onSuccessA list of one or more units that are activated when this unit enters the "inactive" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.overrideStrategyDefines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise a drop-in file name overrides.conf.
asDropin creates a drop-in file named overrides.conf.
Mainly needed to define instances for systemd template units (e.g. systemd-nspawn@mycontainer.service).
See also systemd.unit(1).
Type: one of "asDropinIfExists", "asDropin"
Default: "asDropinIfExists"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.reloadTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be reloaded. If anything but a reload trigger changes in the unit file, the unit will be restarted instead.
Type: list of (systemd option)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
As discussed in the wantedBy option description this also creates
.requires symlinks automatically.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.requisiteSimilar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecified value
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.startLimitBurstConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.startLimitIntervalSecConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.timerConfigEach attribute in this set specifies an option in the
[Timer] section of the unit. See
systemd.timer(5) and
systemd.time(7) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
OnCalendar = "Sun 14:00:00";
Unit = "foo.service";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
RequiresMountsFor = "/data";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.wantedByUnits that want (i.e. depend on) this unit. The default method for
starting a unit by default at boot time is to set this option to
'["multi-user.target"]' for system services. Likewise for user units
(systemd.user.<name>.*) set it to ["default.target"] to make a unit
start by default when the user <name> logs on.
This option creates a .wants symlink in the given target that exists
statelessly without the need for running systemctl enable.
The in systemd.unit(5) manpage described [Install] section however is
not supported because it is a stateful process that does not fit well
into the NixOS design.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.timers.<name>.wantsStart the specified units when this unit is started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.tmpfiles.packagesList of packages containing systemd-tmpfiles rules.
All files ending in .conf found in
«pkg»/lib/tmpfiles.d
will be included.
If this folder does not exist or does not contain any files an error will be returned instead.
If a lib output is available, rules are searched there and only there.
If there is no lib output it will fall back to out
and if that does not exist either, the default output will be used.
Type: list of package
Default: [ ]
Example: [ pkgs.lvm2 ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/tmpfiles.nix>
|
systemd.tmpfiles.rulesRules for creation, deletion and cleaning of volatile and temporary files automatically. See tmpfiles.d(5) for the exact format.
Type: list of string
Default: [ ]
Example:
[ "d /tmp 1777 root root 10d" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/tmpfiles.nix>
|
systemd.unitsDefinition of systemd units.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.units.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0) from being
started. Note that enable=true does not
make a unit start by default at boot; if you want that, see
wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.units.<name>.aliasesAliases of that unit.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.units.<name>.overrideStrategyDefines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise a drop-in file name overrides.conf.
asDropin creates a drop-in file named overrides.conf.
Mainly needed to define instances for systemd template units (e.g. systemd-nspawn@mycontainer.service).
See also systemd.unit(1).
Type: one of "asDropinIfExists", "asDropin"
Default: "asDropinIfExists"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.units.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
As discussed in the wantedBy option description this also creates
.requires symlinks automatically.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.units.<name>.textText of this systemd unit.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.units.<name>.wantedByUnits that want (i.e. depend on) this unit. The default method for
starting a unit by default at boot time is to set this option to
'["multi-user.target"]' for system services. Likewise for user units
(systemd.user.<name>.*) set it to ["default.target"] to make a unit
start by default when the user <name> logs on.
This option creates a .wants symlink in the given target that exists
statelessly without the need for running systemctl enable.
The in systemd.unit(5) manpage described [Install] section however is
not supported because it is a stateful process that does not fit well
into the NixOS design.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.user.extraConfigExtra config options for systemd user instances. See man systemd-user.conf for available options.
Type: strings concatenated with "\n"
Default: ""
Example: "DefaultCPUAccounting=yes"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.pathsDefinition of systemd per-user path units.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0) from being
started. Note that enable=true does not
make a unit start by default at boot; if you want that, see
wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.aliasesAliases of that unit.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Type: (optionally newline-terminated) single-line string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.documentationA list of URIs referencing documentation for this unit or its configuration.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.onFailureA list of one or more units that are activated when this unit enters the "failed" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.onSuccessA list of one or more units that are activated when this unit enters the "inactive" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.overrideStrategyDefines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise a drop-in file name overrides.conf.
asDropin creates a drop-in file named overrides.conf.
Mainly needed to define instances for systemd template units (e.g. systemd-nspawn@mycontainer.service).
See also systemd.unit(1).
Type: one of "asDropinIfExists", "asDropin"
Default: "asDropinIfExists"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.pathConfigEach attribute in this set specifies an option in the
[Path] section of the unit. See
systemd.path(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
PathChanged = "/some/path";
Unit = "changedpath.service";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.reloadTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be reloaded. If anything but a reload trigger changes in the unit file, the unit will be restarted instead.
Type: list of (systemd option)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
As discussed in the wantedBy option description this also creates
.requires symlinks automatically.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.requisiteSimilar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecified value
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.startLimitBurstConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.startLimitIntervalSecConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
RequiresMountsFor = "/data";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.wantedByUnits that want (i.e. depend on) this unit. The default method for
starting a unit by default at boot time is to set this option to
'["multi-user.target"]' for system services. Likewise for user units
(systemd.user.<name>.*) set it to ["default.target"] to make a unit
start by default when the user <name> logs on.
This option creates a .wants symlink in the given target that exists
statelessly without the need for running systemctl enable.
The in systemd.unit(5) manpage described [Install] section however is
not supported because it is a stateful process that does not fit well
into the NixOS design.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.paths.<name>.wantsStart the specified units when this unit is started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.servicesDefinition of systemd per-user service units.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0) from being
started. Note that enable=true does not
make a unit start by default at boot; if you want that, see
wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.aliasesAliases of that unit.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Type: (optionally newline-terminated) single-line string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.documentationA list of URIs referencing documentation for this unit or its configuration.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.environmentEnvironment variables passed to the service's processes.
Type: attribute set of (null or string or path or package)
Default: { }
Example:
{
LANG = "nl_NL.UTF-8";
PATH = "/foo/bar/bin";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.onFailureA list of one or more units that are activated when this unit enters the "failed" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.onSuccessA list of one or more units that are activated when this unit enters the "inactive" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.overrideStrategyDefines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise a drop-in file name overrides.conf.
asDropin creates a drop-in file named overrides.conf.
Mainly needed to define instances for systemd template units (e.g. systemd-nspawn@mycontainer.service).
See also systemd.unit(1).
Type: one of "asDropinIfExists", "asDropin"
Default: "asDropinIfExists"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.pathPackages added to the service's PATH
environment variable. Both the bin
and sbin subdirectories of each
package are added.
Type: list of (package or string)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.postStartShell commands executed after the service's main process is started.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.postStopShell commands executed after the service's main process has exited.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.preStartShell commands executed before the service's main process is started.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.preStopShell commands executed to stop the service.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.reloadShell commands executed when the service's main process is reloaded.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.reloadIfChangedWhether the service should be reloaded during a NixOS
configuration switch if its definition has changed. If
enabled, the value of restartIfChanged is
ignored.
This option should not be used anymore in favor of
reloadTriggers which allows more granular
control of when a service is reloaded and when a service
is restarted.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.reloadTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be reloaded. If anything but a reload trigger changes in the unit file, the unit will be restarted instead.
Type: list of (systemd option)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
As discussed in the wantedBy option description this also creates
.requires symlinks automatically.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.requisiteSimilar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.restartIfChangedWhether the service should be restarted during a NixOS configuration switch if its definition has changed.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecified value
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.scriptShell commands executed as the service's main process.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.scriptArgsArguments passed to the main process script.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.serviceConfigEach attribute in this set specifies an option in the
[Service] section of the unit. See
systemd.service(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
RestartSec = 5;
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.startAtAutomatically start this unit at the given date/time, which
must be in the format described in
systemd.time(7). This is equivalent
to adding a corresponding timer unit with
OnCalendar set to the value given here.
Type: string or list of string
Default: [ ]
Example: "Sun 14:00:00"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.startLimitBurstConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.startLimitIntervalSecConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.stopIfChangedIf set, a changed unit is restarted by calling
systemctl stop in the old configuration,
then systemctl start in the new one.
Otherwise, it is restarted in a single step using
systemctl restart in the new configuration.
The latter is less correct because it runs the
ExecStop commands from the new
configuration.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
RequiresMountsFor = "/data";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.wantedByUnits that want (i.e. depend on) this unit. The default method for
starting a unit by default at boot time is to set this option to
'["multi-user.target"]' for system services. Likewise for user units
(systemd.user.<name>.*) set it to ["default.target"] to make a unit
start by default when the user <name> logs on.
This option creates a .wants symlink in the given target that exists
statelessly without the need for running systemctl enable.
The in systemd.unit(5) manpage described [Install] section however is
not supported because it is a stateful process that does not fit well
into the NixOS design.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.services.<name>.wantsStart the specified units when this unit is started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slicesDefinition of systemd per-user slice units.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0) from being
started. Note that enable=true does not
make a unit start by default at boot; if you want that, see
wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.aliasesAliases of that unit.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Type: (optionally newline-terminated) single-line string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.documentationA list of URIs referencing documentation for this unit or its configuration.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.onFailureA list of one or more units that are activated when this unit enters the "failed" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.onSuccessA list of one or more units that are activated when this unit enters the "inactive" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.overrideStrategyDefines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise a drop-in file name overrides.conf.
asDropin creates a drop-in file named overrides.conf.
Mainly needed to define instances for systemd template units (e.g. systemd-nspawn@mycontainer.service).
See also systemd.unit(1).
Type: one of "asDropinIfExists", "asDropin"
Default: "asDropinIfExists"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.reloadTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be reloaded. If anything but a reload trigger changes in the unit file, the unit will be restarted instead.
Type: list of (systemd option)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
As discussed in the wantedBy option description this also creates
.requires symlinks automatically.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.requisiteSimilar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecified value
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.sliceConfigEach attribute in this set specifies an option in the
[Slice] section of the unit. See
systemd.slice(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
MemoryMax = "2G";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.startLimitBurstConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.startLimitIntervalSecConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
RequiresMountsFor = "/data";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.wantedByUnits that want (i.e. depend on) this unit. The default method for
starting a unit by default at boot time is to set this option to
'["multi-user.target"]' for system services. Likewise for user units
(systemd.user.<name>.*) set it to ["default.target"] to make a unit
start by default when the user <name> logs on.
This option creates a .wants symlink in the given target that exists
statelessly without the need for running systemctl enable.
The in systemd.unit(5) manpage described [Install] section however is
not supported because it is a stateful process that does not fit well
into the NixOS design.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.slices.<name>.wantsStart the specified units when this unit is started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.socketsDefinition of systemd per-user socket units.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0) from being
started. Note that enable=true does not
make a unit start by default at boot; if you want that, see
wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.aliasesAliases of that unit.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Type: (optionally newline-terminated) single-line string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.documentationA list of URIs referencing documentation for this unit or its configuration.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.listenDatagramsFor each item in this list, a ListenDatagram
option in the [Socket] section will be created.
Type: list of string
Default: [ ]
Example:
[ "0.0.0.0:993" "/run/my-socket" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.listenStreamsFor each item in this list, a ListenStream
option in the [Socket] section will be created.
Type: list of string
Default: [ ]
Example:
[ "0.0.0.0:993" "/run/my-socket" ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.onFailureA list of one or more units that are activated when this unit enters the "failed" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.onSuccessA list of one or more units that are activated when this unit enters the "inactive" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.overrideStrategyDefines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise a drop-in file name overrides.conf.
asDropin creates a drop-in file named overrides.conf.
Mainly needed to define instances for systemd template units (e.g. systemd-nspawn@mycontainer.service).
See also systemd.unit(1).
Type: one of "asDropinIfExists", "asDropin"
Default: "asDropinIfExists"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.reloadTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be reloaded. If anything but a reload trigger changes in the unit file, the unit will be restarted instead.
Type: list of (systemd option)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
As discussed in the wantedBy option description this also creates
.requires symlinks automatically.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.requisiteSimilar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecified value
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.socketConfigEach attribute in this set specifies an option in the
[Socket] section of the unit. See
systemd.socket(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
ListenStream = "/run/my-socket";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.startLimitBurstConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.startLimitIntervalSecConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
RequiresMountsFor = "/data";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.wantedByUnits that want (i.e. depend on) this unit. The default method for
starting a unit by default at boot time is to set this option to
'["multi-user.target"]' for system services. Likewise for user units
(systemd.user.<name>.*) set it to ["default.target"] to make a unit
start by default when the user <name> logs on.
This option creates a .wants symlink in the given target that exists
statelessly without the need for running systemctl enable.
The in systemd.unit(5) manpage described [Install] section however is
not supported because it is a stateful process that does not fit well
into the NixOS design.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.sockets.<name>.wantsStart the specified units when this unit is started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targetsDefinition of systemd per-user target units.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0) from being
started. Note that enable=true does not
make a unit start by default at boot; if you want that, see
wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.aliasesAliases of that unit.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Type: (optionally newline-terminated) single-line string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.documentationA list of URIs referencing documentation for this unit or its configuration.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.onFailureA list of one or more units that are activated when this unit enters the "failed" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.onSuccessA list of one or more units that are activated when this unit enters the "inactive" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.overrideStrategyDefines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise a drop-in file name overrides.conf.
asDropin creates a drop-in file named overrides.conf.
Mainly needed to define instances for systemd template units (e.g. systemd-nspawn@mycontainer.service).
See also systemd.unit(1).
Type: one of "asDropinIfExists", "asDropin"
Default: "asDropinIfExists"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.reloadTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be reloaded. If anything but a reload trigger changes in the unit file, the unit will be restarted instead.
Type: list of (systemd option)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
As discussed in the wantedBy option description this also creates
.requires symlinks automatically.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.requisiteSimilar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecified value
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.startLimitBurstConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.startLimitIntervalSecConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
RequiresMountsFor = "/data";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.wantedByUnits that want (i.e. depend on) this unit. The default method for
starting a unit by default at boot time is to set this option to
'["multi-user.target"]' for system services. Likewise for user units
(systemd.user.<name>.*) set it to ["default.target"] to make a unit
start by default when the user <name> logs on.
This option creates a .wants symlink in the given target that exists
statelessly without the need for running systemctl enable.
The in systemd.unit(5) manpage described [Install] section however is
not supported because it is a stateful process that does not fit well
into the NixOS design.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.targets.<name>.wantsStart the specified units when this unit is started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timersDefinition of systemd per-user timer units.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0) from being
started. Note that enable=true does not
make a unit start by default at boot; if you want that, see
wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.afterIf the specified units are started at the same time as this unit, delay this unit until they have started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.aliasesAliases of that unit.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.beforeIf the specified units are started at the same time as this unit, delay them until this unit has started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.bindsToLike ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.conflictsIf the specified units are started, then this unit is stopped and vice versa.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.descriptionDescription of this unit used in systemd messages and progress indicators.
Type: (optionally newline-terminated) single-line string
Default: ""
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.documentationA list of URIs referencing documentation for this unit or its configuration.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.onFailureA list of one or more units that are activated when this unit enters the "failed" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.onSuccessA list of one or more units that are activated when this unit enters the "inactive" state.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.overrideStrategyDefines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise a drop-in file name overrides.conf.
asDropin creates a drop-in file named overrides.conf.
Mainly needed to define instances for systemd template units (e.g. systemd-nspawn@mycontainer.service).
See also systemd.unit(1).
Type: one of "asDropinIfExists", "asDropin"
Default: "asDropinIfExists"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.partOfIf the specified units are stopped or restarted, then this unit is stopped or restarted as well.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.reloadTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be reloaded. If anything but a reload trigger changes in the unit file, the unit will be restarted instead.
Type: list of (systemd option)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
As discussed in the wantedBy option description this also creates
.requires symlinks automatically.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.requiresStart the specified units when this unit is started, and stop this unit when the specified units are stopped or fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.requisiteSimilar to requires. However if the units listed are not started, they will not be started and the transaction will fail.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.restartTriggersAn arbitrary list of items such as derivations. If any item in the list changes between reconfigurations, the service will be restarted.
Type: list of unspecified value
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.startLimitBurstConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.startLimitIntervalSecConfigure unit start rate limiting. Units which are started more than startLimitBurst times within an interval time interval are not permitted to start any more.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.timerConfigEach attribute in this set specifies an option in the
[Timer] section of the unit. See
systemd.timer(5) and
systemd.time(7) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
OnCalendar = "Sun 14:00:00";
Unit = "foo.service";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.unitConfigEach attribute in this set specifies an option in the
[Unit] section of the unit. See
systemd.unit(5) for details.
Type: attribute set of (systemd option)
Default: { }
Example:
{
RequiresMountsFor = "/data";
}Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.wantedByUnits that want (i.e. depend on) this unit. The default method for
starting a unit by default at boot time is to set this option to
'["multi-user.target"]' for system services. Likewise for user units
(systemd.user.<name>.*) set it to ["default.target"] to make a unit
start by default when the user <name> logs on.
This option creates a .wants symlink in the given target that exists
statelessly without the need for running systemctl enable.
The in systemd.unit(5) manpage described [Install] section however is
not supported because it is a stateful process that does not fit well
into the NixOS design.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.timers.<name>.wantsStart the specified units when this unit is started.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.unitsDefinition of systemd per-user units.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.units.<name>.enableIf set to false, this unit will be a symlink to
/dev/null. This is primarily useful to prevent specific
template instances
(e.g. serial-getty@ttyS0) from being
started. Note that enable=true does not
make a unit start by default at boot; if you want that, see
wantedBy.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.units.<name>.aliasesAliases of that unit.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.units.<name>.overrideStrategyDefines how unit configuration is provided for systemd:
asDropinIfExists creates a unit file when no unit file is provided by the package
otherwise a drop-in file name overrides.conf.
asDropin creates a drop-in file named overrides.conf.
Mainly needed to define instances for systemd template units (e.g. systemd-nspawn@mycontainer.service).
See also systemd.unit(1).
Type: one of "asDropinIfExists", "asDropin"
Default: "asDropinIfExists"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.units.<name>.requiredByUnits that require (i.e. depend on and need to go down with) this unit.
As discussed in the wantedBy option description this also creates
.requires symlinks automatically.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.units.<name>.textText of this systemd unit.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.user.units.<name>.wantedByUnits that want (i.e. depend on) this unit. The default method for
starting a unit by default at boot time is to set this option to
'["multi-user.target"]' for system services. Likewise for user units
(systemd.user.<name>.*) set it to ["default.target"] to make a unit
start by default when the user <name> logs on.
This option creates a .wants symlink in the given target that exists
statelessly without the need for running systemctl enable.
The in systemd.unit(5) manpage described [Install] section however is
not supported because it is a stateful process that does not fit well
into the NixOS design.
Type: list of string matching the pattern [a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd/user.nix>
|
systemd.watchdog.deviceThe path to a hardware watchdog device which will be managed by systemd. If not specified, systemd will default to /dev/watchdog.
Type: null or path
Default: null
Example: "/dev/watchdog"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.watchdog.kexecTimeThe amount of time which can elapse when kexec is being executed before a watchdog hardware device will automatically reboot the system. This option should only be enabled if reloadTime is also enabled. Valid time units include "ms", "s", "min", "h", "d", and "w".
Type: null or string
Default: null
Example: "10m"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.watchdog.rebootTimeThe amount of time which can elapse after a reboot has been triggered before a watchdog hardware device will automatically reboot the system. Valid time units include "ms", "s", "min", "h", "d", and "w".
Type: null or string
Default: null
Example: "10m"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
systemd.watchdog.runtimeTimeThe amount of time which can elapse before a watchdog hardware device will automatically reboot the system. Valid time units include "ms", "s", "min", "h", "d", and "w".
Type: null or string
Default: null
Example: "30s"
Declared by:
<nixpkgs/nixos/modules/system/boot/systemd.nix>
|
time.hardwareClockInLocalTimeIf set, keep the hardware clock in local time instead of UTC.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/locale.nix>
|
time.timeZoneThe time zone used when displaying times and dates. See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a comprehensive list of possible values for this setting.
If null, the timezone will default to UTC and can be set imperatively using timedatectl.
Type: null or string without spaces
Default: null
Example: "America/New_York"
Declared by:
<nixpkgs/nixos/modules/config/locale.nix>
|
users.allowNoPasswordLoginDisable checking that at least the root user or a user in the wheel group can log in using
a password or an SSH key.
WARNING: enabling this can lock you out of your system. Enable this only if you know what are you doing.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.defaultUserShellThis option defines the default shell assigned to user accounts. This can be either a full system path or a shell package.
This must not be a store path, since the path is used outside the store (in particular in /etc/passwd).
Type: path or package
Example: pkgs.zsh
Declared by:
<nixpkgs/nixos/modules/programs/shadow.nix>
|
users.enforceIdUniquenessWhether to require that no two users/groups share the same uid/gid.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraGroupsAlias of users.groups.
Type: attribute set of (submodule)
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraGroups.<name>.gidThe group GID. If the GID is null, a free GID is picked on activation.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraGroups.<name>.membersThe user names of the group members, added to the
/etc/group file.
Type: list of string, not containing newlines or colons
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraGroups.<name>.nameThe name of the group. If undefined, the name of the attribute set will be used.
Type: string, not containing newlines or colons
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsersAlias of users.users.
Type: attribute set of (submodule)
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.packagesThe set of packages that should be made available to the user.
This is in contrast to environment.systemPackages,
which adds packages to all users.
Type: list of package
Default: [ ]
Example: [ pkgs.firefox pkgs.thunderbird ]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.autoSubUidGidRangeAutomatically allocate subordinate user and group ids for this user. Allocated range is currently always of size 65536.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.createHomeWhether to create the home directory and ensure ownership as well as permissions to match the user.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.cryptHomeLuksPath to encrypted luks device that contains the user's home directory.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.descriptionA short description of the user account, typically the
user's full name. This is actually the “GECOS” or “comment”
field in /etc/passwd.
Type: string, not containing newlines or colons
Default: ""
Example: "Alice Q. User"
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.extraGroupsThe user's auxiliary groups.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.groupThe user's primary group.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.hashedPasswordSpecifies the hashed password for the user.
The options hashedPassword,
password and passwordFile
controls what password is set for the user.
hashedPassword overrides both
password and passwordFile.
password overrides passwordFile.
If none of these three options are set, no password is assigned to
the user, and the user will not be able to do password logins.
If the option users.mutableUsers is true, the
password defined in one of the three options will only be set when
the user is created for the first time. After that, you are free to
change the password with the ordinary user management commands. If
users.mutableUsers is false, you cannot change
user passwords, they will always be set according to the password
options.
To generate a hashed password run mkpasswd.
If set to an empty string (""), this user will
be able to log in without being asked for a password (but not via remote
services such as SSH, or indirectly via su or
sudo). This should only be used for e.g. bootable
live systems. Note: this is different from setting an empty password,
which can be achieved using users.users.<name?>.password.
If set to null (default) this user will not
be able to log in using a password (i.e. via login
command).
Type: null or string, not containing newlines or colons
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.homeThe user's home directory.
Type: path, not containing newlines or colons
Default: "/var/empty"
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.homeModeThe user's home directory mode in numeric format. See chmod(1). The mode is only applied if users.users.<name>.createHome is true.
Type: string matching the pattern [0-7]{1,5}
Default: "700"
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.initialHashedPasswordSpecifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist. If users.mutableUsers is true, the
password can be changed subsequently using the
passwd command. Otherwise, it's
equivalent to setting the hashedPassword option.
To generate a hashed password run mkpasswd.
If set to an empty string (""), this user will
be able to log in without being asked for a password (but not via remote
services such as SSH, or indirectly via su or
sudo). This should only be used for e.g. bootable
live systems. Note: this is different from setting an empty password,
which can be achieved using users.users.<name?>.password.
If set to null (default) this user will not
be able to log in using a password (i.e. via login
command).
Type: null or string, not containing newlines or colons
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.initialPasswordSpecifies the initial password for the user, i.e. the
password assigned if the user does not already exist. If
users.mutableUsers is true, the password
can be changed subsequently using the
passwd command. Otherwise, it's
equivalent to setting the password
option. The same caveat applies: the password specified here
is world-readable in the Nix store, so it should only be
used for guest accounts or passwords that will be changed
promptly.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.isNormalUserIndicates whether this is an account for a “real” user. This
automatically sets group to
users, createHome to
true, home to
/home/«username»,
useDefaultShell to true,
and isSystemUser to
false.
Exactly one of isNormalUser and
isSystemUser must be true.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.isSystemUserIndicates if the user is a system user or not. This option
only has an effect if uid is
null, in which case it determines whether
the user's UID is allocated in the range for system users
(below 500) or in the range for normal users (starting at
1000).
Exactly one of isNormalUser and
isSystemUser must be true.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.nameThe name of the user account. If undefined, the name of the attribute set will be used.
Type: string, not containing newlines or colons
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.openssh.authorizedKeys.keyFilesA list of files each containing one OpenSSH public key that should be
added to the user's authorized keys. The contents of the files are
read at build time and added to a file that the SSH daemon reads in
addition to the the user's authorized_keys file. You can combine the
keyFiles and keys options.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
users.extraUsers.<name>.openssh.authorizedKeys.keysA list of verbatim OpenSSH public keys that should be added to the
user's authorized keys. The keys are added to a file that the SSH
daemon reads in addition to the the user's authorized_keys file.
You can combine the keys and
keyFiles options.
Warning: If you are using NixOps then don't use this
option since it will replace the key required for deployment via ssh.
Type: list of (optionally newline-terminated) single-line string
Default: [ ]
Example:
[ "ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host" "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
users.extraUsers.<name>.pamMountAttributes for user's entry in
pam_mount.conf.xml.
Useful attributes might include path,
options, fstype, and server.
See http://pam-mount.sourceforge.net/pam_mount.conf.5.html
for more information.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.passwordSpecifies the (clear text) password for the user.
Warning: do not set confidential information here
because it is world-readable in the Nix store. This option
should only be used for public accounts.
The options hashedPassword,
password and passwordFile
controls what password is set for the user.
hashedPassword overrides both
password and passwordFile.
password overrides passwordFile.
If none of these three options are set, no password is assigned to
the user, and the user will not be able to do password logins.
If the option users.mutableUsers is true, the
password defined in one of the three options will only be set when
the user is created for the first time. After that, you are free to
change the password with the ordinary user management commands. If
users.mutableUsers is false, you cannot change
user passwords, they will always be set according to the password
options.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.passwordFileThe full path to a file that contains the user's password. The password
file is read on each system activation. The file should contain
exactly one line, which should be the password in an encrypted form
that is suitable for the chpasswd -e command.
The options hashedPassword,
password and passwordFile
controls what password is set for the user.
hashedPassword overrides both
password and passwordFile.
password overrides passwordFile.
If none of these three options are set, no password is assigned to
the user, and the user will not be able to do password logins.
If the option users.mutableUsers is true, the
password defined in one of the three options will only be set when
the user is created for the first time. After that, you are free to
change the password with the ordinary user management commands. If
users.mutableUsers is false, you cannot change
user passwords, they will always be set according to the password
options.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.shellThe path to the user's shell. Can use shell derivations,
like pkgs.bashInteractive. Don’t
forget to enable your shell in
programs if necessary,
like programs.zsh.enable = true;.
Type: null or package or path, not containing newlines or colons
Default: pkgs.shadow
Example: pkgs.bashInteractive
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.subGidRangesSubordinate group ids that user is allowed to use.
They are set into /etc/subgid and are used
by newgidmap for user namespaces.
Type: list of (submodule)
Default: [ ]
Example:
[
{
count = 1;
startGid = 100;
}
{
count = 999;
startGid = 1001;
}
]Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.subGidRanges.*.countCount of subordinate group ids
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.subGidRanges.*.startGidStart of the range of subordinate group ids that user is allowed to use.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.subUidRangesSubordinate user ids that user is allowed to use.
They are set into /etc/subuid and are used
by newuidmap for user namespaces.
Type: list of (submodule)
Default: [ ]
Example:
[
{
count = 1;
startUid = 1000;
}
{
count = 65534;
startUid = 100001;
}
]Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.subUidRanges.*.countCount of subordinate user ids
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.subUidRanges.*.startUidStart of the range of subordinate user ids that user is allowed to use.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.uidThe account UID. If the UID is null, a free UID is picked on activation.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.extraUsers.<name>.useDefaultShellIf true, the user's shell will be set to
users.defaultUserShell.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.groupsAdditional groups to be created automatically by the system.
Type: attribute set of (submodule)
Default: { }
Example:
{
hackers = { };
students = {
gid = 1001;
};
}Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.groups.<name>.gidThe group GID. If the GID is null, a free GID is picked on activation.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.groups.<name>.membersThe user names of the group members, added to the
/etc/group file.
Type: list of string, not containing newlines or colons
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.groups.<name>.nameThe name of the group. If undefined, the name of the attribute set will be used.
Type: string, not containing newlines or colons
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.ldap.enableWhether to enable authentication against an LDAP server.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.baseThe distinguished name of the search base.
Type: string
Example: "dc=example,dc=org"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.bind.distinguishedNameThe distinguished name to bind to the LDAP server with. If this is not specified, an anonymous bind will be done.
Type: string
Default: ""
Example: "cn=admin,dc=example,dc=com"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.bind.passwordFileThe path to a file containing the credentials to use when binding to the LDAP server (if not binding anonymously).
Type: string
Default: "/etc/ldap/bind.password"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.bind.policySpecifies the policy to use for reconnecting to an unavailable
LDAP server. The default is hard_open, which
reconnects if opening the connection to the directory server
failed. By contrast, hard_init reconnects if
initializing the connection failed. Initializing may not
actually contact the directory server, and it is possible that
a malformed configuration file will trigger reconnection. If
soft is specified, then
nss_ldap will return immediately on server
failure. All hard reconnect policies block with exponential
backoff before retrying.
Type: one of "hard_open", "hard_init", "soft"
Default: "hard_open"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.bind.timeLimitSpecifies the time limit (in seconds) to use when connecting
to the directory server. This is distinct from the time limit
specified in users.ldap.timeLimit and affects
the initial server connection only.
Type: signed integer
Default: 30
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.daemon.enableWhether to let the nslcd daemon (nss-pam-ldapd) handle the LDAP lookups for NSS and PAM. This can improve performance, and if you need to bind to the LDAP server with a password, it increases security, since only the nslcd user needs to have access to the bindpw file, not everyone that uses NSS and/or PAM. If this option is enabled, a local nscd user is created automatically, and the nslcd service is started automatically when the network get up.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.daemon.extraConfigExtra configuration options that will be added verbatim at
the end of the nslcd configuration file (nslcd.conf(5)).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.daemon.rootpwmoddnThe distinguished name to use to bind to the LDAP server when the root user tries to modify a user's password.
Type: string
Default: ""
Example: "cn=admin,dc=example,dc=com"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.daemon.rootpwmodpwFileThe path to a file containing the credentials with which to bind to the LDAP server if the root user tries to change a user's password.
Type: string
Default: ""
Example: "/run/keys/nslcd.rootpwmodpw"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.extraConfigExtra configuration options that will be added verbatim at
the end of the ldap configuration file (ldap.conf(5)).
If users.ldap.daemon is enabled, this
configuration will not be used. In that case, use
users.ldap.daemon.extraConfig instead.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.loginPamWhether to include authentication against LDAP in login PAM.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.nsswitchWhether to include lookup against LDAP in NSS.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.serverThe URL of the LDAP server.
Type: string
Example: "ldap://ldap.example.org/"
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.timeLimitSpecifies the time limit (in seconds) to use when performing searches. A value of zero (0), which is the default, is to wait indefinitely for searches to be completed.
Type: signed integer
Default: 0
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.ldap.useTLSIf enabled, use TLS (encryption) over an LDAP (port 389)
connection. The alternative is to specify an LDAPS server (port
636) in users.ldap.server or to forego
security.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/ldap.nix>
|
users.motdMessage of the day shown to users when they log in.
Type: null or strings concatenated with "\n"
Default: null
Example: "Today is Sweetmorn, the 4th day of The Aftermath in the YOLD 3178."
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
users.motdFileA file containing the message of the day shown to users when they log in.
Type: null or path
Default: null
Example: "/etc/motd"
Declared by:
<nixpkgs/nixos/modules/security/pam.nix>
|
users.mutableUsersIf set to true, you are free to add new users and groups to the system
with the ordinary useradd and
groupadd commands. On system activation, the
existing contents of the /etc/passwd and
/etc/group files will be merged with the
contents generated from the users.users and
users.groups options.
The initial password for a user will be set
according to users.users, but existing passwords
will not be changed.
If set to false, the contents of the user and
group files will simply be replaced on system activation. This also
holds for the user passwords; all changed
passwords will be reset according to the
users.users configuration on activation.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.mysql.enableWhether to enable Authentication against a MySQL/MariaDB database.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.databaseThe name of the database containing the users
Type: string
Example: "auth"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.hostThe hostname of the MySQL/MariaDB server
Type: string
Example: "localhost"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.nssSettings for libnss-mysql.
All examples are from the minimal example
of libnss-mysql, but they are modified with NixOS paths for bash.
Type: submodule
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.nss.getgrentSQL query for the getgrent syscall.
Type: null or string
Default: null
Example:
SELECT name,password,gid FROM groups
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.nss.getgrgidSQL query for the getgrgid syscall.
Type: null or string
Default: null
Example:
SELECT name,password,gid FROM groups WHERE gid='%1$u' LIMIT 1
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.nss.getgrnamSQL query for the getgrnam syscall.
Type: null or string
Default: null
Example:
SELECT name,password,gid FROM groups WHERE name='%1$s' LIMIT 1
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.nss.getpwentSQL query for the getpwent syscall.
Type: null or string
Default: null
Example:
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' FROM users
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.nss.getpwnamSQL query for the getpwnam syscall.
Type: null or string
Default: null
Example:
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' \
FROM users \
WHERE username='%1$s' \
LIMIT 1
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.nss.getpwuidSQL query for the getpwuid syscall.
Type: null or string
Default: null
Example:
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' \
FROM users \
WHERE uid='%1$u' \
LIMIT 1
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.nss.getspentSQL query for the getspent syscall.
Type: null or string
Default: null
Example:
SELECT username,password,'1','0','99999','0','0','-1','0' FROM users
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.nss.getspnamSQL query for the getspnam syscall.
Type: null or string
Default: null
Example:
SELECT username,password,'1','0','99999','0','0','-1','0' \ FROM users \ WHERE username='%1$s' \ LIMIT 1
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.nss.gidsbymemSQL query for the gidsbymem syscall.
Type: null or string
Default: null
Example:
SELECT gid FROM grouplist WHERE username='%1$s'
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.nss.memsbygidSQL query for the memsbygid syscall.
Type: null or string
Default: null
Example:
SELECT username FROM grouplist WHERE gid='%1$u'
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pamSettings for pam_mysql
Type: submodule
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.cryptDefaultThe default encryption method to use for passwordCrypt = 1.
Type: null or one of "md5", "sha256", "sha512", "blowfish"
Default: null
Example: "blowfish"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.disconnectEveryOperationBy default, pam_mysql keeps the connection to the MySQL
database until the session is closed. If this option is set to true it
disconnects every time the PAM operation has finished. This option may
be useful in case the session lasts quite long.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.logging.enableEnables logging of authentication attempts in the MySQL database.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.logging.hostColumnThe name of the column in the log table to which the name of the user being authenticated is stored.
Type: string
Example: "host"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.logging.msgColumnThe name of the column in the log table to which the description of the performed operation is stored.
Type: string
Example: "msg"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.logging.pidColumnThe name of the column in the log table to which the pid of the
process utilising the pam_mysql's authentication
service is stored.
Type: string
Example: "pid"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.logging.rHostColumnThe name of the column in the log table to which the name of the remote
host that initiates the session is stored. The value is supposed to be
set by the PAM-aware application with pam_set_item(PAM_RHOST).
Type: string
Example: "rhost"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.logging.tableThe name of the table to which logs are written.
Type: string
Example: "logs"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.logging.timeColumnThe name of the column in the log table to which the timestamp of the log entry is stored.
Type: string
Example: "timestamp"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.logging.userColumnThe name of the column in the log table to which the name of the user being authenticated is stored.
Type: string
Example: "user"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.passwordColumnThe name of the column that contains a (encrypted) password string.
Type: string
Example: "password"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.passwordCryptThe method to encrypt the user's password:
0 (or "plain"):
No encryption. Passwords are stored in plaintext. HIGHLY DISCOURAGED.
1 (or "Y"):
Use crypt(3) function.
2 (or "mysql"):
Use the MySQL PASSWORD() function. It is possible that the encryption function used
by pam_mysql is different from that of the MySQL server, as
pam_mysql uses the function defined in MySQL's C-client API
instead of using PASSWORD() SQL function in the query.
3 (or "md5"):
Use plain hex MD5.
4 (or "sha1"):
Use plain hex SHA1.
5 (or "drupal7"):
Use Drupal7 salted passwords.
6 (or "joomla15"):
Use Joomla15 salted passwords.
7 (or "ssha"):
Use ssha hashed passwords.
8 (or "sha512"):
Use sha512 hashed passwords.
9 (or "sha256"):
Use sha256 hashed passwords.
Type: one of "0", "plain", "1", "Y", "2", "mysql", "3", "md5", "4", "sha1", "5", "drupal7", "6", "joomla15", "7", "ssha", "8", "sha512", "9", "sha256"
Example: "2"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.statusColumnThe name of the column or an SQL expression that indicates the status of the user. The status is expressed by the combination of two bitfields shown below:
bit 0 (0x01):
if flagged, pam_mysql deems the account to be expired and
returns PAM_ACCT_EXPIRED. That is, the account is supposed
to no longer be available. Note this doesn't mean that pam_mysql
rejects further authentication operations.
bit 1 (0x02):
if flagged, pam_mysql deems the authentication token
(password) to be expired and returns PAM_NEW_AUTHTOK_REQD.
This ends up requiring that the user enter a new password.
Type: null or string
Default: null
Example: "status"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.tableThe name of table that maps unique login names to the passwords.
Type: string
Example: "users"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.updateTableThe name of the table used for password alteration. If not defined, the value
of the table option will be used instead.
Type: null or string
Default: null
Example: "users_updates"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.userColumnThe name of the column that contains a unix login name.
Type: string
Example: "username"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.verboseIf enabled, produces logs with detailed messages that describes what
pam_mysql is doing. May be useful for debugging.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.pam.whereAdditional criteria for the query.
Type: null or string
Default: null
Example: "host.name='web' AND user.active=1"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.passwordFileThe path to the file containing the password for the user
Type: path
Example: "/run/secrets/mysql-auth-db-passwd"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.mysql.userThe username to use when connecting to the database
Type: string
Example: "nss-user"
Declared by:
<nixpkgs/nixos/modules/config/mysql.nix>
|
users.usersAdditional user accounts to be created automatically by the system. This can also be used to set options for root.
Type: attribute set of (submodule)
Default: { }
Example:
{
alice = {
createHome = true;
description = "Alice Q. User";
extraGroups = [
"wheel"
];
group = "users";
home = "/home/alice";
shell = "/bin/sh";
uid = 1234;
};
}Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.packagesThe set of packages that should be made available to the user.
This is in contrast to environment.systemPackages,
which adds packages to all users.
Type: list of package
Default: [ ]
Example: [ pkgs.firefox pkgs.thunderbird ]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.autoSubUidGidRangeAutomatically allocate subordinate user and group ids for this user. Allocated range is currently always of size 65536.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.createHomeWhether to create the home directory and ensure ownership as well as permissions to match the user.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.cryptHomeLuksPath to encrypted luks device that contains the user's home directory.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.descriptionA short description of the user account, typically the
user's full name. This is actually the “GECOS” or “comment”
field in /etc/passwd.
Type: string, not containing newlines or colons
Default: ""
Example: "Alice Q. User"
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.extraGroupsThe user's auxiliary groups.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.groupThe user's primary group.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.hashedPasswordSpecifies the hashed password for the user.
The options hashedPassword,
password and passwordFile
controls what password is set for the user.
hashedPassword overrides both
password and passwordFile.
password overrides passwordFile.
If none of these three options are set, no password is assigned to
the user, and the user will not be able to do password logins.
If the option users.mutableUsers is true, the
password defined in one of the three options will only be set when
the user is created for the first time. After that, you are free to
change the password with the ordinary user management commands. If
users.mutableUsers is false, you cannot change
user passwords, they will always be set according to the password
options.
To generate a hashed password run mkpasswd.
If set to an empty string (""), this user will
be able to log in without being asked for a password (but not via remote
services such as SSH, or indirectly via su or
sudo). This should only be used for e.g. bootable
live systems. Note: this is different from setting an empty password,
which can be achieved using users.users.<name?>.password.
If set to null (default) this user will not
be able to log in using a password (i.e. via login
command).
Type: null or string, not containing newlines or colons
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.homeThe user's home directory.
Type: path, not containing newlines or colons
Default: "/var/empty"
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.homeModeThe user's home directory mode in numeric format. See chmod(1). The mode is only applied if users.users.<name>.createHome is true.
Type: string matching the pattern [0-7]{1,5}
Default: "700"
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.initialHashedPasswordSpecifies the initial hashed password for the user, i.e. the
hashed password assigned if the user does not already
exist. If users.mutableUsers is true, the
password can be changed subsequently using the
passwd command. Otherwise, it's
equivalent to setting the hashedPassword option.
To generate a hashed password run mkpasswd.
If set to an empty string (""), this user will
be able to log in without being asked for a password (but not via remote
services such as SSH, or indirectly via su or
sudo). This should only be used for e.g. bootable
live systems. Note: this is different from setting an empty password,
which can be achieved using users.users.<name?>.password.
If set to null (default) this user will not
be able to log in using a password (i.e. via login
command).
Type: null or string, not containing newlines or colons
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.initialPasswordSpecifies the initial password for the user, i.e. the
password assigned if the user does not already exist. If
users.mutableUsers is true, the password
can be changed subsequently using the
passwd command. Otherwise, it's
equivalent to setting the password
option. The same caveat applies: the password specified here
is world-readable in the Nix store, so it should only be
used for guest accounts or passwords that will be changed
promptly.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.isNormalUserIndicates whether this is an account for a “real” user. This
automatically sets group to
users, createHome to
true, home to
/home/«username»,
useDefaultShell to true,
and isSystemUser to
false.
Exactly one of isNormalUser and
isSystemUser must be true.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.isSystemUserIndicates if the user is a system user or not. This option
only has an effect if uid is
null, in which case it determines whether
the user's UID is allocated in the range for system users
(below 500) or in the range for normal users (starting at
1000).
Exactly one of isNormalUser and
isSystemUser must be true.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.nameThe name of the user account. If undefined, the name of the attribute set will be used.
Type: string, not containing newlines or colons
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.openssh.authorizedKeys.keyFilesA list of files each containing one OpenSSH public key that should be
added to the user's authorized keys. The contents of the files are
read at build time and added to a file that the SSH daemon reads in
addition to the the user's authorized_keys file. You can combine the
keyFiles and keys options.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
users.users.<name>.openssh.authorizedKeys.keysA list of verbatim OpenSSH public keys that should be added to the
user's authorized keys. The keys are added to a file that the SSH
daemon reads in addition to the the user's authorized_keys file.
You can combine the keys and
keyFiles options.
Warning: If you are using NixOps then don't use this
option since it will replace the key required for deployment via ssh.
Type: list of (optionally newline-terminated) single-line string
Default: [ ]
Example:
[ "ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host" "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar" ]
Declared by:
<nixpkgs/nixos/modules/services/networking/ssh/sshd.nix>
|
users.users.<name>.pamMountAttributes for user's entry in
pam_mount.conf.xml.
Useful attributes might include path,
options, fstype, and server.
See http://pam-mount.sourceforge.net/pam_mount.conf.5.html
for more information.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.passwordSpecifies the (clear text) password for the user.
Warning: do not set confidential information here
because it is world-readable in the Nix store. This option
should only be used for public accounts.
The options hashedPassword,
password and passwordFile
controls what password is set for the user.
hashedPassword overrides both
password and passwordFile.
password overrides passwordFile.
If none of these three options are set, no password is assigned to
the user, and the user will not be able to do password logins.
If the option users.mutableUsers is true, the
password defined in one of the three options will only be set when
the user is created for the first time. After that, you are free to
change the password with the ordinary user management commands. If
users.mutableUsers is false, you cannot change
user passwords, they will always be set according to the password
options.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.passwordFileThe full path to a file that contains the user's password. The password
file is read on each system activation. The file should contain
exactly one line, which should be the password in an encrypted form
that is suitable for the chpasswd -e command.
The options hashedPassword,
password and passwordFile
controls what password is set for the user.
hashedPassword overrides both
password and passwordFile.
password overrides passwordFile.
If none of these three options are set, no password is assigned to
the user, and the user will not be able to do password logins.
If the option users.mutableUsers is true, the
password defined in one of the three options will only be set when
the user is created for the first time. After that, you are free to
change the password with the ordinary user management commands. If
users.mutableUsers is false, you cannot change
user passwords, they will always be set according to the password
options.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.shellThe path to the user's shell. Can use shell derivations,
like pkgs.bashInteractive. Don’t
forget to enable your shell in
programs if necessary,
like programs.zsh.enable = true;.
Type: null or package or path, not containing newlines or colons
Default: pkgs.shadow
Example: pkgs.bashInteractive
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.subGidRangesSubordinate group ids that user is allowed to use.
They are set into /etc/subgid and are used
by newgidmap for user namespaces.
Type: list of (submodule)
Default: [ ]
Example:
[
{
count = 1;
startGid = 100;
}
{
count = 999;
startGid = 1001;
}
]Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.subGidRanges.*.countCount of subordinate group ids
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.subGidRanges.*.startGidStart of the range of subordinate group ids that user is allowed to use.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.subUidRangesSubordinate user ids that user is allowed to use.
They are set into /etc/subuid and are used
by newuidmap for user namespaces.
Type: list of (submodule)
Default: [ ]
Example:
[
{
count = 1;
startUid = 1000;
}
{
count = 65534;
startUid = 100001;
}
]Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.subUidRanges.*.countCount of subordinate user ids
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.subUidRanges.*.startUidStart of the range of subordinate user ids that user is allowed to use.
Type: signed integer
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.uidThe account UID. If the UID is null, a free UID is picked on activation.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
users.users.<name>.useDefaultShellIf true, the user's shell will be set to
users.defaultUserShell.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/users-groups.nix>
|
virtualisation.additionalPathsA list of paths whose closure should be made available to the VM.
When 9p is used, the closure is registered in the Nix database in the VM. All other paths in the host Nix store appear in the guest Nix store as well, but are considered garbage (because they are not registered in the Nix database of the guest).
When virtualisation.useNixStoreImage is
set, the closure is copied to the Nix store image.
Type: list of path
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.anbox.enableWhether to enable Anbox.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/anbox.nix>
|
virtualisation.anbox.extraInitExtra shell commands to be run inside the container image during init.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/anbox.nix>
|
virtualisation.anbox.imageBase android image for Anbox.
Type: package
Default: pkgs.anbox.image
Declared by:
<nixpkgs/nixos/modules/virtualisation/anbox.nix>
|
virtualisation.anbox.ipv4.container.addressIPv4 Container address.
Type: string
Default: "192.168.250.2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/anbox.nix>
|
virtualisation.anbox.ipv4.container.prefixLengthSubnet mask of the Container address, specified as the number of
bits in the prefix (24).
Type: signed integer
Default: 24
Declared by:
<nixpkgs/nixos/modules/virtualisation/anbox.nix>
|
virtualisation.anbox.ipv4.dnsContainer DNS server.
Type: string
Default: "1.1.1.1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/anbox.nix>
|
virtualisation.anbox.ipv4.gateway.addressIPv4 Host address.
Type: string
Default: "192.168.250.1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/anbox.nix>
|
virtualisation.anbox.ipv4.gateway.prefixLengthSubnet mask of the Host address, specified as the number of
bits in the prefix (24).
Type: signed integer
Default: 24
Declared by:
<nixpkgs/nixos/modules/virtualisation/anbox.nix>
|
virtualisation.appvm.enableThis enables AppVMs and related virtualisation settings.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/appvm.nix>
|
virtualisation.appvm.userAppVM user login. Currently only AppVMs are supported for a single user only.
Type: string
Declared by:
<nixpkgs/nixos/modules/virtualisation/appvm.nix>
|
virtualisation.biosAn alternate BIOS (such as qboot) with which to start the VM.
Should contain a file named bios.bin.
If null, QEMU's builtin SeaBIOS will be used.
Type: null or package
Default: null
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.bootDeviceThe disk to be used for the root filesystem.
Type: path
Example: "/dev/vda"
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.containerd.enableWhether to enable containerd container runtime.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/containerd.nix>
|
virtualisation.containerd.argsextra args to append to the containerd cmdline
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/containerd.nix>
|
virtualisation.containerd.configFilePath to containerd config file. Setting this option will override any configuration applied by the settings option.
Type: null or path
Default: null
Declared by:
<nixpkgs/nixos/modules/virtualisation/containerd.nix>
|
virtualisation.containerd.settingsVerbatim lines to add to containerd.toml
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/containerd.nix>
|
virtualisation.containers.enableThis option enables the common /etc/containers configuration module.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
virtualisation.containers.containersConf.cniPluginsCNI plugins to install on the system.
Type: list of package
Example:
[ pkgs.cniPlugins.dnsname ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
virtualisation.containers.containersConf.settingscontainers.conf configuration
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
virtualisation.containers.ociSeccompBpfHook.enableEnable the OCI seccomp BPF hook
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
virtualisation.containers.policySignature verification policy file.
If this option is empty the default policy file from
skopeo will be used.
Type: attribute set
Default: { }
Example:
{
default = [ { type = "insecureAcceptAnything"; } ];
transports = {
docker-daemon = {
"" = [ { type = "insecureAcceptAnything"; } ];
};
};
}
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
virtualisation.containers.registries.blockList of blocked repositories.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
virtualisation.containers.registries.insecureList of insecure repositories.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
virtualisation.containers.registries.searchList of repositories to search.
Type: list of string
Default:
[ "docker.io" "quay.io" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
virtualisation.containers.storage.settingsstorage.conf configuration
Type: TOML value
Default:
{
storage = {
driver = "overlay";
graphroot = "/var/lib/containers/storage";
runroot = "/run/containers/storage";
};
}Declared by:
<nixpkgs/nixos/modules/virtualisation/containers.nix>
|
virtualisation.coresSpecify the number of cores the guest is permitted to use. The number can be higher than the available cores on the host system.
Type: positive integer, meaning >0
Default: 1
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.cri-o.enableWhether to enable Container Runtime Interface for OCI (CRI-O).
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/cri-o.nix>
|
virtualisation.cri-o.extraPackagesExtra packages to be installed in the CRI-O wrapper.
Type: list of package
Default: [ ]
Example:
[ pkgs.gvisor ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/cri-o.nix>
|
virtualisation.cri-o.logLevelLog level to be used
Type: one of "trace", "debug", "info", "warn", "error", "fatal"
Default: "info"
Declared by:
<nixpkgs/nixos/modules/virtualisation/cri-o.nix>
|
virtualisation.cri-o.pauseCommandOverride the default pause command
Type: null or string
Default: null
Example: "/pause"
Declared by:
<nixpkgs/nixos/modules/virtualisation/cri-o.nix>
|
virtualisation.cri-o.pauseImageOverride the default pause image for pod sandboxes
Type: null or string
Default: null
Example: "k8s.gcr.io/pause:3.2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/cri-o.nix>
|
virtualisation.cri-o.runtimeOverride the default runtime
Type: null or string
Default: null
Example: "crun"
Declared by:
<nixpkgs/nixos/modules/virtualisation/cri-o.nix>
|
virtualisation.cri-o.settingsConfiguration for cri-o, see https://github.com/cri-o/cri-o/blob/master/docs/crio.conf.5.md.
Type: TOML value
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/cri-o.nix>
|
virtualisation.cri-o.storageDriverStorage driver to be used
Type: one of "btrfs", "overlay", "vfs"
Default: "overlay"
Declared by:
<nixpkgs/nixos/modules/virtualisation/cri-o.nix>
|
virtualisation.diskImagePath to the disk image containing the root filesystem. The image will be created on startup if it does not exist.
Type: string
Default: "./${config.system.name}.qcow2"
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.diskSizeThe disk size in megabytes of the virtual machine.
Type: null or positive integer, meaning >0
Default: 1024
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.docker.enableThis option enables docker, a daemon that manages linux containers. Users in the "docker" group can interact with the daemon (e.g. to start or stop containers) using the docker command line tool.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.enableNvidiaEnable nvidia-docker wrapper, supporting NVIDIA GPUs inside docker containers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.enableOnBootWhen enabled dockerd is started on boot. This is required for
containers which are created with the
--restart=always flag to work. If this option is
disabled, docker might be started on demand by socket activation.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.packageDocker package to be used in the module.
Type: package
Default: pkgs.docker
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.autoPrune.enableWhether to periodically prune Docker resources. If enabled, a
systemd timer will run docker system prune -f
as specified by the dates option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.autoPrune.datesSpecification (in the format described by systemd.time(7)) of the time at which the prune will occur.
Type: string
Default: "weekly"
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.autoPrune.flagsAny additional flags passed to docker system prune.
Type: list of string
Default: [ ]
Example:
[ "--all" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.daemon.settingsConfiguration for docker daemon. The attributes are serialized to JSON used as daemon.conf. See https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
Type: JSON value
Default: { }
Example:
{
fixed-cidr-v6 = "fd00::/80";
ipv6 = true;
}Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.extraOptionsThe extra command-line options to pass to docker daemon.
Type: strings concatenated with " "
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.listenOptionsA list of unix and tcp docker should listen to. The format follows ListenStream as described in systemd.socket(5).
Type: list of string
Default:
[ "/run/docker.sock" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.liveRestoreAllow dockerd to be restarted without affecting running container. This option is incompatible with docker swarm.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.logDriverThis option determines which Docker log driver to use.
Type: one of "none", "json-file", "syslog", "journald", "gelf", "fluentd", "awslogs", "splunk", "etwlogs", "gcplogs"
Default: "journald"
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.docker.rootless.enableThis option enables docker in a rootless mode, a daemon that manages linux containers. To interact with the daemon, one needs to set DOCKER_HOST=unix://$XDG_RUNTIME_DIR/docker.sock.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker-rootless.nix>
|
virtualisation.docker.rootless.packageDocker package to be used in the module.
Type: package
Default: pkgs.docker
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker-rootless.nix>
|
virtualisation.docker.rootless.daemon.settingsConfiguration for docker daemon. The attributes are serialized to JSON used as daemon.conf. See https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file
Type: JSON value
Default: { }
Example:
{
fixed-cidr-v6 = "fd00::/80";
ipv6 = true;
}Declared by:
<nixpkgs/nixos/modules/virtualisation/docker-rootless.nix>
|
virtualisation.docker.rootless.setSocketVariablePoint DOCKER_HOST to rootless Docker instance for normal users by default.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker-rootless.nix>
|
virtualisation.docker.storageDriverThis option determines which Docker storage driver to use. By default it let's docker automatically choose preferred storage driver.
Type: null or one of "aufs", "btrfs", "devicemapper", "overlay", "overlay2", "zfs"
Default: null
Declared by:
<nixpkgs/nixos/modules/virtualisation/docker.nix>
|
virtualisation.efi.firmwareFirmware binary for EFI implementation, defaults to OVMF.
Type: path
Default: pkgs.OVMF.firmware
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.efi.variablesPlatform-specific flash binary for EFI variables, implementation-dependent to the EFI firmware. Defaults to OVMF.
Type: path
Default: pkgs.OVMF.variables
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.efiVarsPath to nvram image containing UEFI variables. The will be created on startup if it does not exist.
Type: string
Default: "./${config.system.name}-efi-vars.fd"
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.emptyDiskImagesAdditional disk images to provide to the VM. The value is a list of size in megabytes of each disk. These disks are writeable by the VM.
Type: list of positive integer, meaning >0
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.fileSystemsThe file systems to be mounted. It must include an entry for
the root directory (mountPoint = "/"). Each
entry in the list is an attribute set with the following fields:
mountPoint, device,
fsType (a file system type recognised by
mount; defaults to
"auto"), and options
(the mount options passed to mount using the
-o flag; defaults to [ "defaults" ]).
Instead of specifying device, you can also
specify a volume label (label) for file
systems that support it, such as ext2/ext3 (see mke2fs -L).
Type: attribute set of (submodule)
Default: { }
Example:
{
"/".device = "/dev/hda1";
"/data" = {
device = "/dev/hda2";
fsType = "ext3";
options = [ "data=journal" ];
};
"/bigdisk".label = "bigdisk";
}
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.fileSystems.<name>.autoFormatIf the device does not currently contain a filesystem (as
determined by blkid, then automatically
format it with the filesystem type specified in
fsType. Use with caution.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
virtualisation.fileSystems.<name>.autoResizeIf set, the filesystem is grown to its maximum size before being mounted. (This is typically the size of the containing partition.) This is currently only supported for ext2/3/4 filesystems that are mounted during early boot.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
virtualisation.fileSystems.<name>.dependsList of paths that should be mounted before this one. This filesystem's
device and mountPoint are always
checked and do not need to be included explicitly. If a path is added
to this list, any other filesystem whose mount point is a parent of
the path will be mounted before this filesystem. The paths do not need
to actually be the mountPoint of some other filesystem.
Type: list of string (with check: non-empty without trailing slash)
Default: [ ]
Example:
[ "/persist" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
virtualisation.fileSystems.<name>.deviceLocation of the device.
Type: null or string (with check: non-empty)
Default: null
Example: "/dev/sda"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
virtualisation.fileSystems.<name>.encrypted.enableThe block device is backed by an encrypted one, adds this device as a initrd luks entry.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
virtualisation.fileSystems.<name>.encrypted.blkDevLocation of the backing encrypted device.
Type: null or string
Default: null
Example: "/dev/sda1"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
virtualisation.fileSystems.<name>.encrypted.keyFilePath to a keyfile used to unlock the backing encrypted
device. At the time this keyfile is accessed, the
neededForBoot filesystems (see
fileSystems.<name?>.neededForBoot)
will have been mounted under /mnt-root,
so the keyfile path should usually start with "/mnt-root/".
Type: null or string
Default: null
Example: "/mnt-root/root/.swapkey"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
virtualisation.fileSystems.<name>.encrypted.labelLabel of the unlocked encrypted device. Set fileSystems.<name?>.device to /dev/mapper/<label> to mount the unlocked device.
Type: null or string
Default: null
Example: "rootfs"
Declared by:
<nixpkgs/nixos/modules/tasks/encrypted-devices.nix>
|
virtualisation.fileSystems.<name>.formatOptionsIf autoFormat option is set specifies
extra options passed to mkfs.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
virtualisation.fileSystems.<name>.fsTypeType of the file system.
Type: string (with check: non-empty)
Default: "auto"
Example: "ext3"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
virtualisation.fileSystems.<name>.labelLabel of the device (if any).
Type: null or string (with check: non-empty)
Default: null
Example: "root-partition"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
virtualisation.fileSystems.<name>.mountPointLocation of the mounted file system.
Type: string (with check: non-empty without trailing slash)
Example: "/mnt/usb"
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
virtualisation.fileSystems.<name>.neededForBootIf set, this file system will be mounted in the initial ramdisk.
Note that the file system will always be mounted in the initial
ramdisk if its mount point is one of the following:
/, /nix, /nix/store, /var, /var/log, /var/lib, /var/lib/nixos, /etc, /usr.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/system/boot/stage-1.nix>
|
virtualisation.fileSystems.<name>.noCheckDisable running fsck on this filesystem.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
virtualisation.fileSystems.<name>.optionsOptions used to mount the file system.
Type: list of string (with check: non-empty)
Default:
[ "defaults" ]
Example:
[ "data=journal" ]
Declared by:
<nixpkgs/nixos/modules/tasks/filesystems.nix>
|
virtualisation.forwardPortsWhen using the SLiRP user networking (default), this option allows to forward ports to/from the host/guest.
If the NixOS firewall on the virtual machine is enabled, you also have to open the guest ports to enable the traffic between host and guest.
Currently QEMU supports only IPv4 forwarding.
Type: list of (submodule)
Default: [ ]
Example:
[ # forward local port 2222 -> 22, to ssh into the VM
{ from = "host"; host.port = 2222; guest.port = 22; }
# forward local port 80 -> 10.0.2.10:80 in the VLAN
{ from = "guest";
guest.address = "10.0.2.10"; guest.port = 80;
host.address = "127.0.0.1"; host.port = 80;
}
]
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.forwardPorts.*.fromControls the direction in which the ports are mapped:
"host" means traffic from the host ports
is forwarded to the given guest port.
"guest" means traffic from the guest ports
is forwarded to the given host port.
Type: one of "host", "guest"
Default: "host"
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.forwardPorts.*.guest.addressThe IPv4 address on the guest VLAN.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.forwardPorts.*.guest.portThe guest port to be mapped.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.forwardPorts.*.host.addressThe IPv4 address of the host.
Type: string
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.forwardPorts.*.host.portThe host port to be mapped.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.forwardPorts.*.protoThe protocol to forward.
Type: one of "tcp", "udp"
Default: "tcp"
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.graphicsWhether to run QEMU with a graphics window, or in nographic mode. Serial console will be enabled on both settings, but this will change the preferred console.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.host.pkgspkgs set to use for the host-specific packages of the vm runner. Changing this to e.g. a Darwin package set allows running NixOS VMs on Darwin.
Type: An evaluation of Nixpkgs; the top level attribute set of packages
Default: pkgs
Example:
import pkgs.path { system = "x86_64-darwin"; }
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.hypervGuest.enableWhether to enable Hyper-V Guest Support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix>
|
virtualisation.hypervGuest.videoModeResolution at which to initialize the video adapter.
Supports screen resolution up to Full HD 1920x1080 with 32 bit color on Windows Server 2012, and 1600x1200 with 16 bit color on Windows Server 2008 R2 or earlier.
Type: string
Default: "1152x864"
Example: "1024x768"
Declared by:
<nixpkgs/nixos/modules/virtualisation/hyperv-guest.nix>
|
virtualisation.kvmgt.enableWhether to enable KVMGT (iGVT-g) VGPU support. Allows Qemu/KVM guests to share host's Intel integrated graphics card.
Currently only one graphical device can be shared. To allow users to access the device without root add them
to the kvm group: users.extraUsers.<yourusername>.extraGroups = [ "kvm" ];
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/kvmgt.nix>
|
virtualisation.kvmgt.devicePCI ID of graphics card. You can figure it with ls /sys/class/mdev_bus.
Type: string
Default: "0000:00:02.0"
Declared by:
<nixpkgs/nixos/modules/virtualisation/kvmgt.nix>
|
virtualisation.kvmgt.vgpusVirtual GPUs to be used in Qemu. You can find devices via ls /sys/bus/pci/devices/*/mdev_supported_types and find info about device via cat /sys/bus/pci/devices/*/mdev_supported_types/i915-GVTg_V5_4/description
Type: attribute set of (submodule)
Default: { }
Example:
{
i915-GVTg_V5_8 = {
uuid = [
"a297db4a-f4c2-11e6-90f6-d3b88d6c9525"
];
};
}Declared by:
<nixpkgs/nixos/modules/virtualisation/kvmgt.nix>
|
virtualisation.kvmgt.vgpus.<name>.uuidUUID(s) of VGPU device. You can generate one with libossp_uuid.
Type: list of string
Declared by:
<nixpkgs/nixos/modules/virtualisation/kvmgt.nix>
|
virtualisation.libvirtd.enableThis option enables libvirtd, a daemon that manages virtual machines. Users in the "libvirtd" group can interact with the daemon (e.g. to start or stop VMs) using the virsh command line tool, among others.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.packagelibvirt package to use.
Type: package
Default: pkgs.libvirt
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.allowedBridgesList of bridge devices that can be used by qemu:///session
Type: list of string
Default:
[ "virbr0" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.extraConfigExtra contents appended to the libvirtd configuration file, libvirtd.conf.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.extraOptionsExtra command line arguments passed to libvirtd on startup.
Type: list of string
Default: [ ]
Example:
[ "--verbose" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.onBootSpecifies the action to be done to / on the guests when the host boots. The "start" option starts all guests that were running prior to shutdown regardless of their autostart settings. The "ignore" option will not start the formerly running guest on boot. However, any guest marked as autostart will still be automatically started by libvirtd.
Type: one of "start", "ignore"
Default: "start"
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.onShutdownWhen shutting down / restarting the host what method should be used to gracefully halt the guests. Setting to "shutdown" will cause an ACPI shutdown of each guest. "suspend" will attempt to save the state of the guests ready to restore on boot.
Type: one of "shutdown", "suspend"
Default: "suspend"
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.qemuQEMU related options.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.qemu.packageQemu package to use with libvirt.
pkgs.qemu can emulate alien architectures (e.g. aarch64 on x86)
pkgs.qemu_kvm saves disk space allowing to emulate only host architectures.
Type: package
Default: pkgs.qemu
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.qemu.ovmfQEMU's OVMF options.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.qemu.ovmf.enableAllows libvirtd to take advantage of OVMF when creating new QEMU VMs with UEFI boot.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.qemu.ovmf.packagesList of OVMF packages to use. Each listed package must contain files names FV/OVMF_CODE.fd and FV/OVMF_VARS.fd or FV/AAVMF_CODE.fd and FV/AAVMF_VARS.fd
Type: list of package
Default: [ pkgs.OVMF.fd ]
Example: [ pkgs.OVMFFull.fd pkgs.pkgsCross.aarch64-multiplatform.OVMF.fd ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.qemu.runAsRootIf true, libvirtd runs qemu as root. If false, libvirtd runs qemu as unprivileged user qemu-libvirtd. Changing this option to false may cause file permission issues for existing guests. To fix these, manually change ownership of affected files in /var/lib/libvirt/qemu to qemu-libvirtd.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.qemu.swtpmQEMU's swtpm options.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.qemu.swtpm.enableAllows libvirtd to use swtpm to create an emulated TPM.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.qemu.swtpm.packageswtpm package to use.
Type: package
Default: pkgs.swtpm
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.libvirtd.qemu.verbatimConfigContents written to the qemu configuration file, qemu.conf. Make sure to include a proper namespace configuration when supplying custom configuration.
Type: strings concatenated with "\n"
Default:
'' namespaces = [] ''
Declared by:
<nixpkgs/nixos/modules/virtualisation/libvirtd.nix>
|
virtualisation.lxc.enableThis enables Linux Containers (LXC), which provides tools for creating and managing system or application containers on Linux.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxc.nix>
|
virtualisation.lxc.defaultConfigDefault config (default.conf) for new containers, i.e. for network config. See lxc.container.conf(5).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxc.nix>
|
virtualisation.lxc.lxcfs.enableThis enables LXCFS, a FUSE filesystem for LXC. To use lxcfs in include the following configuration in your container configuration:
virtualisation.lxc.defaultConfig = "lxc.include = ${pkgs.lxcfs}/share/lxc/config/common.conf.d/00-lxcfs.conf";
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxcfs.nix>
|
virtualisation.lxc.systemConfigThis is the system-wide LXC config. See lxc.system.conf(5).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxc.nix>
|
virtualisation.lxc.usernetConfigThis is the config file for managing unprivileged user network administration access in LXC. See lxc-usernet(5).
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxc.nix>
|
virtualisation.lxd.enableThis option enables lxd, a daemon that manages containers. Users in the "lxd" group can interact with the daemon (e.g. to start or stop containers) using the lxc command line tool, among others.
Most of the time, you'll also want to start lxcfs, so that containers can "see" the limits:
virtualisation.lxc.lxcfs.enable = true;
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxd.nix>
|
virtualisation.lxd.packageThe LXD package to use.
Type: package
Default: pkgs.lxd
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxd.nix>
|
virtualisation.lxd.lxcPackageThe LXC package to use with LXD (required for AppArmor profiles).
Type: package
Default: pkgs.lxc
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxd.nix>
|
virtualisation.lxd.recommendedSysctlSettingsEnables various settings to avoid common pitfalls when running containers requiring many file operations. Fixes errors like "Too many open files" or "neighbour: ndisc_cache: neighbor table overflow!". See https://lxd.readthedocs.io/en/latest/production-setup/ for details.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxd.nix>
|
virtualisation.lxd.startTimeoutTime to wait (in seconds) for LXD to become ready to process requests. If LXD does not reply within the configured time, lxd.service will be considered failed and systemd will attempt to restart it.
Type: signed integer
Default: 600
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxd.nix>
|
virtualisation.lxd.zfsSupportEnables lxd to use zfs as a storage for containers.
This option is enabled by default if a zfs pool is configured with nixos.
Type: boolean
Default: config.boot.zfs.enabled
Declared by:
<nixpkgs/nixos/modules/virtualisation/lxd.nix>
|
virtualisation.memorySizeThe memory size in megabytes of the virtual machine.
Type: positive integer, meaning >0
Default: 1024
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.msizeThe msize (maximum packet size) option passed to 9p file systems, in bytes. Increasing this should increase performance significantly, at the cost of higher RAM usage.
Type: positive integer, meaning >0
Default: 16384
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.oci-containers.backendThe underlying Docker implementation to use.
Type: one of "podman", "docker"
Default: "podman"
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containersOCI (Docker) containers to run as systemd services.
Type: attribute set of (submodule)
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containers.<name>.autoStartWhen enabled, the container is automatically started on boot. If this option is set to false, the container has to be started on-demand via its service.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containers.<name>.cmdCommandline arguments to pass to the image's entrypoint.
Type: list of string
Default: [ ]
Example:
["--port=9000"]
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containers.<name>.dependsOnDefine which other containers this one depends on. They will be added to both After and Requires for the unit.
Use the same name as the attribute under virtualisation.oci-containers.containers.
Type: list of string
Default: [ ]
Example:
virtualisation.oci-containers.containers = {
node1 = {};
node2 = {
dependsOn = [ "node1" ];
}
}
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containers.<name>.entrypointOverride the default entrypoint of the image.
Type: null or string
Default: null
Example: "/bin/my-app"
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containers.<name>.environmentEnvironment variables to set for this container.
Type: attribute set of string
Default: { }
Example:
{
DATABASE_HOST = "db.example.com";
DATABASE_PORT = "3306";
}
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containers.<name>.environmentFilesEnvironment files for this container.
Type: list of path
Default: [ ]
Example:
[ /path/to/.env /path/to/.env.secret ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containers.<name>.extraOptionsExtra options for podman run.
Type: list of string
Default: [ ]
Example:
["--network=host"]
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containers.<name>.imageOCI image to run.
Type: string
Example: "library/hello-world"
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containers.<name>.imageFilePath to an image file to load before running the image. This can be used to bypass pulling the image from the registry.
The image attribute must match the name and
tag of the image contained in this file, as they will be used to
run the container with that image. If they do not match, the
image will be pulled from the registry as usual.
Type: null or package
Default: null
Example: pkgs.dockerTools.buildImage {...};
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containers.<name>.log-driverLogging driver for the container. The default of
"journald" means that the container's logs will be
handled as part of the systemd unit.
For more details and a full list of logging drivers, refer to respective backends documentation.
For Docker: Docker engine documentation
For Podman: Refer to the docker-run(1) man page.
Type: string
Default: "journald"
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containers.<name>.login.passwordFilePath to file containing password.
Type: null or string
Default: null
Example: "/etc/nixos/dockerhub-password.txt"
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containers.<name>.login.registryRegistry where to login to.
Type: null or string
Default: null
Example: "https://docker.pkg.github.com"
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containers.<name>.login.usernameUsername for login.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containers.<name>.portsNetwork ports to publish from the container to the outer host.
Valid formats:
<ip>:<hostPort>:<containerPort>
<ip>::<containerPort>
<hostPort>:<containerPort>
<containerPort>
Both hostPort and containerPort can be specified as a range of
ports. When specifying ranges for both, the number of container
ports in the range must match the number of host ports in the
range. Example: 1234-1236:1234-1236/tcp
When specifying a range for hostPort only, the containerPort
must not be a range. In this case, the container port is published
somewhere within the specified hostPort range.
Example: 1234-1236:1234/tcp
Refer to the Docker engine documentation for full details.
Type: list of string
Default: [ ]
Example:
[ "8080:9000" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containers.<name>.userOverride the username or UID (and optionally groupname or GID) used in the container.
Type: null or string
Default: null
Example: "nobody:nogroup"
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containers.<name>.volumesList of volumes to attach to this container.
Note that this is a list of "src:dst" strings to
allow for src to refer to /nix/store paths, which
would be difficult with an attribute set. There are
also a variety of mount options available as a third
field; please refer to the
docker engine documentation for details.
Type: list of string
Default: [ ]
Example:
[ "volume_name:/path/inside/container" "/path/on/host:/path/inside/container" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.oci-containers.containers.<name>.workdirOverride the default working directory for the container.
Type: null or string
Default: null
Example: "/var/lib/hello_world"
Declared by:
<nixpkgs/nixos/modules/virtualisation/oci-containers.nix>
|
virtualisation.podman.enableThis option enables Podman, a daemonless container engine for developing, managing, and running OCI Containers on your Linux System.
It is a drop-in replacement for the docker command.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman/default.nix>
|
virtualisation.podman.enableNvidiaEnable use of NVidia GPUs from within podman containers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman/default.nix>
|
virtualisation.podman.defaultNetwork.dnsname.enableEnable DNS resolution in the default podman network.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman/dnsname.nix>
|
virtualisation.podman.defaultNetwork.extraPluginsExtra CNI plugin configurations to add to podman's default network.
Type: list of (JSON value)
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman/default.nix>
|
virtualisation.podman.dockerCompatCreate an alias mapping docker to podman.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman/default.nix>
|
virtualisation.podman.dockerSocket.enableMake the Podman socket available in place of the Docker socket, so Docker tools can find the Podman socket.
Podman implements the Docker API.
Users must be in the podman group in order to connect. As
with Docker, members of this group can gain root access.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman/default.nix>
|
virtualisation.podman.extraPackagesExtra packages to be installed in the Podman wrapper.
Type: list of package
Default: [ ]
Example:
[ pkgs.gvisor ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman/default.nix>
|
virtualisation.podman.networkSocket.enableMake the Podman and Docker compatibility API available over the network with TLS client certificate authentication.
This allows Docker clients to connect with the equivalents of the Docker
CLI -H and --tls* family of options.
For certificate setup, see https://docs.docker.com/engine/security/protect-access/
This option is independent of virtualisation.podman.dockerSocket.enable.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman/network-socket.nix>
|
virtualisation.podman.networkSocket.listenAddressInterface address for receiving TLS connections.
Type: string
Default: "0.0.0.0"
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman/network-socket.nix>
|
virtualisation.podman.networkSocket.openFirewallWhether to open the port in the firewall.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman/network-socket.nix>
|
virtualisation.podman.networkSocket.portTCP port number for receiving TLS connections.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 2376
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman/network-socket.nix>
|
virtualisation.podman.networkSocket.serverChoice of TLS proxy server.
Type: value "ghostunnel" (singular enum)
Example: "ghostunnel"
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman/network-socket-ghostunnel.nix>
|
<nixpkgs/nixos/modules/virtualisation/podman/network-socket.nix>
|
virtualisation.podman.networkSocket.tls.cacertPath to CA certificate to use for client authentication.
Type: path
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman/network-socket.nix>
|
virtualisation.podman.networkSocket.tls.certPath to certificate describing the server.
Type: path
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman/network-socket.nix>
|
virtualisation.podman.networkSocket.tls.keyPath to the private key corresponding to the server certificate.
Use a string for this setting. Otherwise it will be copied to the Nix store first, where it is readable by any system process.
Type: path
Declared by:
<nixpkgs/nixos/modules/virtualisation/podman/network-socket.nix>
|
virtualisation.qemu.packageQEMU package to use.
Type: package
Default: config.virtualisation.host.pkgs.qemu_kvm
Example: pkgs.qemu_test
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.qemu.consolesThe output console devices to pass to the kernel command line via the
console parameter, the primary console is the last
item of this list.
By default it enables both serial console and
tty0. The preferred console (last one) is based on
the value of virtualisation.graphics.
Type: list of string
Default:
[ "ttyS0,115200n8" "tty0" ]
Example:
[ "console=tty1" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.qemu.diskInterfaceThe interface used for the virtual hard disks.
Type: one of "virtio", "scsi", "ide"
Default: "virtio"
Example: "scsi"
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.qemu.drivesDrives passed to qemu.
Type: list of (submodule)
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.qemu.drives.*.deviceExtraOptsExtra options passed to device flag.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.qemu.drives.*.driveExtraOptsExtra options passed to drive flag.
Type: attribute set of string
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.qemu.drives.*.fileThe file image used for this drive.
Type: string
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.qemu.drives.*.nameA name for the drive. Must be unique in the drives list. Not passed to qemu.
Type: null or string
Default: null
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.qemu.guestAgent.enableEnable the Qemu guest agent.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.qemu.networkingOptionsNetworking-related command-line options that should be passed to qemu. The default is to use userspace networking (SLiRP).
If you override this option, be advised to keep ${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} (as seen in the example) to keep the default runtime behaviour.
Type: list of string
Default: [ ]
Example:
[
"-net nic,netdev=user.0,model=virtio"
"-netdev user,id=user.0,\${QEMU_NET_OPTS:+,$QEMU_NET_OPTS}"
]Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.qemu.optionsOptions passed to QEMU.
Type: list of string
Default: [ ]
Example:
[ "-vga std" ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.qemu.virtioKeyboardEnable the virtio-keyboard device.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.resolutionThe resolution of the virtual machine display.
Type: attribute set
Default:
{
x = 1024;
y = 768;
}Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.rosetta.enableWhether to enable Rosetta support.
This feature requires the system to be a virtualised guest on an Apple silicon host.
The default settings are suitable for the UTM virtualisation package. Make sure to select 'Apple Virtualization' as the virtualisation engine and then tick the 'Enable Rosetta' option.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/rosetta.nix>
|
virtualisation.rosetta.mountTagThe VirtioFS mount tag for the Rosetta runtime, exposed by the host's virtualisation software.
If supported, your virtualisation software should provide instructions on how register the Rosetta runtime inside Linux guests. These instructions should mention the name of the mount tag used for the VirtioFS directory share that contains the Rosetta runtime.
Type: string
Default: "rosetta"
Declared by:
<nixpkgs/nixos/modules/virtualisation/rosetta.nix>
|
virtualisation.sharedDirectoriesAn attributes set of directories that will be shared with the virtual machine using VirtFS (9P filesystem over VirtIO). The attribute name will be used as the 9P mount tag.
Type: attribute set of (submodule)
Default: { }
Example:
{
my-share = {
source = "/path/to/be/shared";
target = "/mnt/shared";
};
}Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.sharedDirectories.<name>.sourceThe path of the directory to share, can be a shell variable
Type: string
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.sharedDirectories.<name>.targetThe mount point of the directory inside the virtual machine
Type: path
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.spiceUSBRedirection.enableInstall the SPICE USB redirection helper with setuid privileges. This allows unprivileged users to pass USB devices connected to this machine to libvirt VMs, both local and remote. Note that this allows users arbitrary access to USB devices.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/spice-usb-redirection.nix>
|
virtualisation.useBootLoaderIf enabled, the virtual machine will be booted using the regular boot loader (i.e., GRUB 1 or 2). This allows testing of the boot loader. If disabled (the default), the VM directly boots the NixOS kernel and initial ramdisk, bypassing the boot loader altogether.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.useDefaultFilesystemsIf enabled, the boot disk of the virtual machine will be formatted and mounted with the default filesystems for testing. Swap devices and LUKS will be disabled.
If disabled, a root filesystem has to be specified and formatted (for example in the initial ramdisk).
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.useEFIBootIf enabled, the virtual machine will provide a EFI boot manager. useEFIBoot is ignored if useBootLoader == false.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.useNixStoreImageBuild and use a disk image for the Nix store, instead of accessing the host's one through 9p.
For applications which do a lot of reads from the store, this can drastically improve performance, but at the cost of disk space and image build time.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.virtualbox.guest.enableWhether to enable the VirtualBox service and other guest additions.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>
|
virtualisation.virtualbox.guest.x11Whether to enable x11 graphics
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-guest.nix>
|
virtualisation.virtualbox.host.enableWhether to enable VirtualBox.
In order to pass USB devices from the host to the guests, the user
needs to be in the vboxusers group.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
|
virtualisation.virtualbox.host.enableExtensionPackWhether to install the Oracle Extension Pack for VirtualBox.
You must set nixpkgs.config.allowUnfree = true in
order to use this. This requires you accept the VirtualBox PUEL.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
|
virtualisation.virtualbox.host.enableHardeningEnable hardened VirtualBox, which ensures that only the binaries in the system path get access to the devices exposed by the kernel modules instead of all users in the vboxusers group.
Disabling this can put your system's security at risk, as local users in the vboxusers group can tamper with the VirtualBox device files.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
|
virtualisation.virtualbox.host.enableWebServiceBuild VirtualBox web service tool (vboxwebsrv) to allow managing VMs via other webpage frontend tools. Useful for headless servers.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
|
virtualisation.virtualbox.host.packageWhich VirtualBox package to use.
Type: package
Default: pkgs.virtualbox
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
|
virtualisation.virtualbox.host.addNetworkInterfaceAutomatically set up a vboxnet0 host-only network interface.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
|
virtualisation.virtualbox.host.headlessUse VirtualBox installation without GUI and Qt dependency. Useful to enable on servers and when virtual machines are controlled only via SSH.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/virtualbox-host.nix>
|
virtualisation.vlansVirtual networks to which the VM is connected. Each
number «N» in this list causes
the VM to have a virtual Ethernet interface attached to a
separate virtual network on which it will be assigned IP
address
192.168.«N».«M»,
where «M» is the index of this VM
in the list of VMs.
Type: list of unsigned integer, meaning >=0
Default:
[ 1 ]
Example:
[ 1 2 ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.vmVariantMachine configuration to be added for the vm script produced by nixos-rebuild build-vm.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/build-vm.nix>
|
virtualisation.vmVariantWithBootLoaderMachine configuration to be added for the vm script produced by nixos-rebuild build-vm-with-bootloader.
Type: submodule
Default: { }
Declared by:
<nixpkgs/nixos/modules/virtualisation/build-vm.nix>
|
virtualisation.vmware.guest.enableWhether to enable VMWare Guest Support.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/vmware-guest.nix>
|
virtualisation.vmware.guest.headlessWhether to disable X11-related features.
Type: boolean
Default: "!config.services.xserver.enable"
Declared by:
<nixpkgs/nixos/modules/virtualisation/vmware-guest.nix>
|
virtualisation.vmware.host.enableThis enables VMware host virtualisation for running VMs.
vmware-vmx will cause kcompactd0 due to
Transparent Hugepages feature in kernel.
Apply [ "transparent_hugepage=never" ] in
option boot.kernelParams to disable them.
If that didn't work disable TRANSPARENT_HUGEPAGE,
COMPACTION configs and recompile kernel.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/vmware-host.nix>
|
virtualisation.vmware.host.packageVMware host virtualisation package to use
Type: package
Default: pkgs.vmware-workstation
Declared by:
<nixpkgs/nixos/modules/virtualisation/vmware-host.nix>
|
virtualisation.vmware.host.extraConfigAdd extra config to /etc/vmware/config
Type: strings concatenated with "\n"
Default: ""
Example:
'' # Allow unsupported device's OpenGL and Vulkan acceleration for guest vGPU mks.gl.allowUnsupportedDrivers = "TRUE" mks.vk.allowUnsupportedDevices = "TRUE" ''
Declared by:
<nixpkgs/nixos/modules/virtualisation/vmware-host.nix>
|
virtualisation.vmware.host.extraPackagesExtra packages to be used with VMware host.
Type: list of package
Default: [ ]
Example: "with pkgs; [ ntfs3g ]"
Declared by:
<nixpkgs/nixos/modules/virtualisation/vmware-host.nix>
|
virtualisation.vswitch.enableWhether to enable Open vSwitch. A configuration daemon (ovs-server) will be started.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/openvswitch.nix>
|
virtualisation.vswitch.packageOpen vSwitch package to use.
Type: package
Default: pkgs.openvswitch
Declared by:
<nixpkgs/nixos/modules/virtualisation/openvswitch.nix>
|
virtualisation.vswitch.resetOnStartWhether to reset the Open vSwitch configuration database to a default
configuration on every start of the systemd ovsdb.service.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/openvswitch.nix>
|
virtualisation.waydroid.enableWhether to enable Waydroid.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/waydroid.nix>
|
virtualisation.writableStoreIf enabled, the Nix store in the VM is made writable by layering an overlay filesystem on top of the host's Nix store.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.writableStoreUseTmpfsUse a tmpfs for the writable store instead of writing to the VM's own filesystem.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
virtualisation.xen.enableSetting this option enables the Xen hypervisor, a virtualisation technology that allows multiple virtual machines, known as domains, to run concurrently on the physical machine. NixOS runs as the privileged Domain 0. This option requires a reboot to take effect.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.packageThe package used for Xen binary.
Type: package
Example: pkgs.xen-light
Related packages:
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.package-qemuThe package with qemu binaries for dom0 qemu and xendomains.
Type: package
Example: pkgs.qemu_xen-light
Related packages:
For use with pkgs.xen-light.
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.bootParamsParameters passed to the Xen hypervisor at boot time.
Type: list of string
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.bridge.addressIPv4 address of the bridge.
Type: string
Default: "172.16.0.1"
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.bridge.forwardDnsIf set to true, the DNS queries from the
hosts connected to the bridge will be forwarded to the DNS
servers specified in /etc/resolv.conf .
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.bridge.nameName of bridge the Xen domUs connect to.
Type: string
Default: "xenbr0"
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.bridge.prefixLengthSubnet mask of the bridge interface, specified as the number of
bits in the prefix (24).
A DHCP server will provide IP addresses for the whole, remaining
subnet.
Type: signed integer
Default: 16
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.domain0MemorySizeAmount of memory (in MiB) allocated to Domain 0 on boot. If set to 0, all memory is assigned to Domain 0.
Type: signed integer
Default: 0
Example: 512
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.domains.extraConfigOptions defined here will override the defaults for xendomains. The default options can be seen in the file included from /etc/default/xendomains.
Type: strings concatenated with "\n"
Default: ""
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.storedXen Store daemon to use. Defaults to oxenstored of the xen package.
Type: path
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
virtualisation.xen.traceWhether to enable Xen tracing.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/virtualisation/xen-dom0.nix>
|
xdg.autostart.enableWhether to install files to support the XDG Autostart specification.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/xdg/autostart.nix>
|
xdg.icons.enableWhether to install files to support the XDG Icon Theme specification.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/xdg/icons.nix>
|
xdg.menus.enableWhether to install files to support the XDG Desktop Menu specification.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/xdg/menus.nix>
|
xdg.mime.enableWhether to install files to support the XDG Shared MIME-info specification and the XDG MIME Applications specification.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/xdg/mime.nix>
|
xdg.mime.addedAssociationsAdds associations between mimetypes and applications. See the specifications for more information.
Type: attribute set of (string or ((list of string) or string) convertible to it)
Default: { }
Example:
{
"application/pdf" = "firefox.desktop";
"text/xml" = [
"nvim.desktop"
"codium.desktop"
];
}Declared by:
<nixpkgs/nixos/modules/config/xdg/mime.nix>
|
xdg.mime.defaultApplicationsSets the default applications for given mimetypes. See the specifications for more information.
Type: attribute set of (string or ((list of string) or string) convertible to it)
Default: { }
Example:
{
"application/pdf" = "firefox.desktop";
"image/png" = [
"sxiv.desktop"
"gimp.desktop"
];
}Declared by:
<nixpkgs/nixos/modules/config/xdg/mime.nix>
|
xdg.mime.removedAssociationsRemoves associations between mimetypes and applications. See the specifications for more information.
Type: attribute set of (string or ((list of string) or string) convertible to it)
Default: { }
Example:
{
"audio/mp3" = [
"mpv.desktop"
"umpv.desktop"
];
"inode/directory" = "codium.desktop";
}Declared by:
<nixpkgs/nixos/modules/config/xdg/mime.nix>
|
xdg.portal.enableWhether to enable xdg desktop integration.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/xdg/portal.nix>
|
xdg.portal.extraPortalsList of additional portals to add to path. Portals allow interaction
with system, like choosing files or taking screenshots. At minimum,
a desktop portal implementation should be listed. GNOME and KDE already
adds xdg-desktop-portal-gtk; and
xdg-desktop-portal-kde respectively. On other desktop
environments you probably want to add them yourself.
Type: list of package
Default: [ ]
Declared by:
<nixpkgs/nixos/modules/config/xdg/portal.nix>
|
xdg.portal.lxqt.enableWhether to enable the desktop portal for the LXQt desktop environment.
This will add the lxqt.xdg-desktop-portal-lxqt
package (with the extra Qt styles) into the
xdg.portal.extraPortals option
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/xdg/portals/lxqt.nix>
|
xdg.portal.lxqt.stylesExtra Qt styles that will be available to the
lxqt.xdg-desktop-portal-lxqt.
Type: list of package
Default: [ ]
Example:
[
pkgs.libsForQt5.qtstyleplugin-kvantum
pkgs.breeze-qt5
pkgs.qtcurve
];
Declared by:
<nixpkgs/nixos/modules/config/xdg/portals/lxqt.nix>
|
xdg.portal.wlr.enableWhether to enable desktop portal for wlroots-based desktops
This will add the xdg-desktop-portal-wlr package into
the xdg.portal.extraPortals option, and provide the
configuration file
.
Type: boolean
Default: false
Example: true
Declared by:
<nixpkgs/nixos/modules/config/xdg/portals/wlr.nix>
|
xdg.portal.wlr.settingsConfiguration for xdg-desktop-portal-wlr.
See xdg-desktop-portal-wlr(5) for supported
values.
Type: attribute set of attribute set of (INI atom (null, bool, int, float or string))
Default: { }
Example:
{
screencast = {
output_name = "HDMI-A-1";
max_fps = 30;
exec_before = "disable_notifications.sh";
exec_after = "enable_notifications.sh";
chooser_type = "simple";
chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
};
}
Declared by:
<nixpkgs/nixos/modules/config/xdg/portals/wlr.nix>
|
xdg.portal.xdgOpenUsePortalSets environment variable NIXOS_XDG_OPEN_USE_PORTAL to 1
This will make xdg-open use the portal to open programs, which resolves bugs involving
programs opening inside FHS envs or with unexpected env vars set from wrappers.
See #160923 for more info.
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/xdg/portal.nix>
|
xdg.sounds.enableWhether to install files to support the XDG Sound Theme specification.
Type: boolean
Default: true
Declared by:
<nixpkgs/nixos/modules/config/xdg/sounds.nix>
|
zramSwap.enableEnable in-memory compressed devices and swap space provided by the zram kernel module. See https://www.kernel.org/doc/Documentation/blockdev/zram.txt .
Type: boolean
Default: false
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
|
zramSwap.algorithmCompression algorithm. lzo has good compression,
but is slow. lz4 has bad compression, but is fast.
zstd is both good compression and fast, but requires newer kernel.
You can check what other algorithms are supported by your zram device with
cat /sys/class/block/zram*/comp_algorithm
Type: one of "lzo", "lz4", "zstd" or string
Default: "zstd"
Example: "lz4"
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
|
zramSwap.memoryMaxMaximum total amount of memory (in bytes) that can be stored in the zram swap devices. This doesn't define how much memory will be used by the zram swap devices.
Type: null or signed integer
Default: null
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
|
zramSwap.memoryPercentMaximum total amount of memory that can be stored in the zram swap devices
(as a percentage of your total memory). Defaults to 1/2 of your total
RAM. Run zramctl to check how good memory is compressed.
This doesn't define how much memory will be used by the zram swap devices.
Type: signed integer
Default: 50
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
|
zramSwap.numDevicesNumber of zram devices to create. See also
zramSwap.swapDevices
Type: signed integer
Default: 1
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
|
zramSwap.priorityPriority of the zram swap devices. It should be a number higher than the priority of your disk-based swap devices (so that the system will fill the zram swap devices before falling back to disk swap).
Type: signed integer
Default: 5
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
|
zramSwap.swapDevicesNumber of zram devices to be used as swap. Must be
<= zramSwap.numDevices.
Default is same as zramSwap.numDevices, recommended is 1.
Type: null or signed integer
Default: null
Example: 1
Declared by:
<nixpkgs/nixos/modules/config/zram.nix>
|